superr4y / logkeys

Automatically exported from code.google.com/p/logkeys

various "symlink attacks" possible #10

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
There is insufficient checking done when opening files.
(I'm only a newb. :S)

Original issue reported on code.google.com by kernc...@gmail.com on 22 Mar 2010 at 12:47

GoogleCodeExporter commented 9 years ago
http://lwn.net/Articles/250468/

Original comment by kernc...@gmail.com on 22 Mar 2010 at 12:48

GoogleCodeExporter commented 9 years ago
Hopefully, all such vulnerabilities were fixed in r34 through r41.

The only issue I see now is that the attacker could read contents of arbitrary file when specifying it as input keymap. Thankfully, this will fail for most files (lines are too long/empty, etc.).

Finally, this should be fixed in r42, because logkeys is no longer setuid root, and only superuser can change logkeys-start.sh and logkeys-kill.sh helper scripts!

Original comment by kernc...@gmail.com on 22 Apr 2010 at 7:39
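
The kind of check the issue says was missing when opening files, as an added example that is not part of this thread and is not logkeys code: a privileged program opening its output file refuses a symlink, a hard-linked file, a non-regular file, or a file owned by someone else. The helper name `open_log_nofollow`, the file names and the temporary directory are assumptions made for the illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not from logkeys): open a log file for appending
 * without following a symlink in the final path component.
 * Returns a file descriptor, or -1 with errno set. */
int open_log_nofollow(const char *path)
{
    /* O_NOFOLLOW makes open() fail if `path` itself is a symlink;
     * O_NONBLOCK keeps a planted FIFO from blocking the caller. */
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW |
                        O_NONBLOCK | O_CLOEXEC, 0600);
    if (fd < 0) return -1;
    /* Check the opened descriptor rather than the path, so the answer
     * cannot change between the check and the use. */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 || st.st_uid != geteuid()) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed scenario in a fresh temporary directory. Returns a bitmask:
 * 1 = new regular file accepted, 2 = symlink refused, 4 = hard link refused. */
int demo(void)
{
    char dir[] = "/tmp/symlink-demo-XXXXXX", a[64], b[64], c[64];
    int fd, result = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(a, sizeof a, "%s/keys.log", dir);
    snprintf(b, sizeof b, "%s/sym.log", dir);
    snprintf(c, sizeof c, "%s/hard.log", dir);
    if ((fd = open_log_nofollow(a)) >= 0) { result |= 1; close(fd); }
    if (symlink(a, b) == 0 && open_log_nofollow(b) < 0) result |= 2;
    if (link(a, c) == 0 && open_log_nofollow(c) < 0) result |= 4;
    unlink(a); unlink(b); unlink(c); rmdir(dir);
    return result;
}

int main(void) { return demo() == 7 ? 0 : 1; }
```

`O_NOFOLLOW` only covers the last path component, so the directory holding the file must not be writable by untrusted users. Running without setuid root, as the last comment describes for r42, removes the privilege gap that makes these file tricks useful in the first place.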