
[Nano-devel] New prerelease for security tweaks


From: Chris Allegretta
Subject: [Nano-devel] New prerelease for security tweaks
Date: Wed, 7 Apr 2010 02:41:19 -0400

Hello,

Now that the AFJ fun is hopefully behind us, we recently received
some new attention from a security perspective, and an article was
published on symlink attacks when running nano as root.  The article
is at http://drosenbe.blogspot.com/2010/03/nano-as-root.html if you're
interested.

The risk of a successful attack is somewhat small if you aren't in the
habit of editing files in users' home directories or /tmp, but the
issues presented are certainly legitimate.  Due to this, I've included
some fixes for the modification checks and backup file writing in svn.
Unfortunately, to implement that I had to break string freeze, so the
updated PO file has been submitted, so we're looking at two weeks
before an official release if we want to follow normal procedure.
Given the risk I think it's okay to wait the two weeks, since someone
may want to suggest a better fix than what's done so far.

Anyway, if you're interested in trying out the fixes, the pre2 release
is at http://www.nano-editor.org/dist/test/nano-2.2.4pre2.tar.gz



