fixed: security vulnerability in 'ln' winix function
a user could create a hardlink to any file and the new link
had user_id, group_id and permissions the same as for new generated files,
this allowes to overwrite any existing file in the filesystem,
now user_id, group_id, permissions are the same as from the oryginal file
git-svn-id: svn://ttmath.org/publicrep/winix/trunk@941 e52654a7-88a9-db11-a3e9-0013d4bc506e
This commit is contained in:
@@ -2,7 +2,7 @@
|
||||
* This file is a part of Winix
|
||||
* and is not publicly distributed
|
||||
*
|
||||
* Copyright (c) 2010, Tomasz Sowa
|
||||
* Copyright (c) 2010-2013, Tomasz Sowa
|
||||
* All rights reserved.
|
||||
*
|
||||
*/
|
||||
@@ -271,7 +271,11 @@ void PrivChanger::PrivOneItem()
|
||||
}
|
||||
|
||||
|
||||
|
||||
/*
|
||||
!! IMPROVE ME
|
||||
we can add a counter to measure how many there are access denieds for files/directories
|
||||
and when changing only one file/directory we can show access denied message
|
||||
*/
|
||||
void PrivChanger::Change(bool change_owner_, bool change_priv_)
|
||||
{
|
||||
if( !CheckAccess() )
|
||||
|
||||
Reference in New Issue
Block a user