possible security issue
Authored by: mzs on Jun 04, '09 09:38:45AM

Okay, this is way cool, and most people do not have potentially hostile users sharing a machine, but the script should use mktemp and 'quoted form of' in more places. The mkdir /tmp/songname will fail but nothing checks its return, so some other user could create that dir in /tmp before you, let everyone write to it and put a symlink in there that say most likely then overwrites, so there is that race there. Again, I also see a lot of 'POSIX path of' and then just quotes later used around that; depending on the input, which I do not want to grok fully, 'quoted form of' most likely needs to be used, otherwise a song name can be crafted to run an arbitrary process.



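The two fixes the comment asks for, shown on the shell side of `do shell script` as an added example that is not the hinted script's code. The function names, the `songexport` template and the song title are hypothetical or constructed, and a scratch directory stands in for the shared /tmp.

```shell
#!/bin/sh
# Added example (not the hinted script's code). All names are hypothetical.

# Pattern described in the comment: predictable name, mkdir status ignored.
# Prints the path even when somebody else created the directory first.
unchecked_workdir() {
    mkdir "$1/$2" 2>/dev/null || :   # failure silently ignored
    printf '%s\n' "$1/$2"
}

# Fix: mktemp -d picks an unpredictable name, creates the directory with
# mode 0700, and fails rather than reusing an existing path.
private_workdir() {
    mktemp -d "$1/songexport.XXXXXX"
}

# Shell-side equivalent of AppleScript's 'quoted form of': wrap the value in
# single quotes and rewrite each embedded ' as '\'' so it stays one literal word.
quoted_form() {
    q=$(printf '%sx' "$1" | sed "s/'/'\\\\''/g")   # trailing x protects newlines
    printf "'%s'" "${q%x}"
}

# Demo in a scratch area standing in for a shared /tmp.
base=$(mktemp -d) || exit 1
song="It's \$(id) \"live\"; echo x"           # constructed hostile-looking title

mkdir -m 777 "$base/songname"                 # constructed: planted before the script runs
reused=$(unchecked_workdir "$base" songname)  # caller cannot tell it lost the race
fresh=$(private_workdir "$base")

printf 'reused planted dir: %s\n' "$reused"
printf 'private dir:        %s (%s)\n' "$fresh" "$(ls -ld "$fresh" | cut -c1-10)"
printf 'quoted title:       %s\n' "$(quoted_form "$song")"
eval "printf 'round trip:         %s\n' $(quoted_form "$song")"
rm -rf "$base"
```
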