Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 14 May 2008 12:44:42 -0300
From: "Gustavo De Nardin (spuk)" <gustavodn@...driva.com>
To: oss-security@...ts.openwall.com
Subject: Re: Re: CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution

* Tavis Ormandy <taviso@....lonestar.org> [2008-05-14 14:46 +0000]:
> On Wed, May 14, 2008 at 04:03:34PM +0200, Sven Joachim wrote:
> > On 2008-05-14 15:27 +0200, Nico Golde wrote:
> > 
> > > As I am a vim user I might have done something wrong too, 
> > > not sure. What I did after installing emacs:
> 
> Same here, so out of curiosity i ran strace -efile -o log vim, and
> edited a few files. I observed vim looking for a directory called
> $TMPDIR in the wd, and using it as you would expect. Obviously a bug,
> and perhaps some minor security implications, anyone want to
> investigate? :-)

Check if it is not a mere package build bug. Anyway, tried something like
that and 'grep TMP /tmp/vim.strace' shows nothing to me.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.