|Summary:||XPM security fixes break writing XPM files with absolute path names|
|Product:||xorg||Reporter:||Nils Philippsen <nils>|
|Component:||Lib/Xpm||Assignee:||Xorg Project Team <xorg-team>|
|Status:||RESOLVED FIXED||QA Contact:|
|Priority:||high||CC:||dberkholz, eich, mharris, roland.mainz, sndirsch, thomas|
Description Nils Philippsen 2004-11-26 01:31:17 UTC
This bug is https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=140815 originally. The new sanity checks prevent using file names that start with a "/" which along with other checks wouldn't let you use libXpm to write files that aren't in or beneath the process's current working directory. Not exactly what you want if you use it e.g. from the GIMP's xpm load/save plugin. Altogether, these checks seem to me to have the intention of working around missing similar checks in calling applications (just a rough guess) but in this instance I think it's obvious that the fixes have to be done in the applications themselves to avoid regressions.
Comment 1 Matthieu Herrb 2004-11-26 15:10:11 UTC
Created attachment 1407: Patch to remove extraneous test
Comment 2 Mike A. Harris 2004-11-29 12:24:03 UTC
Please make sure this gets applied to 6.8 stable branch also.
Comment 3 Stefan Dirsch 2004-12-03 03:31:20 UTC
Created attachment 1454: xpm-sec9.diff
Unfortunately 1407 was not sufficient for me. You need this one as well. :-(
Comment 4 Thomas Biege 2004-12-06 06:01:11 UTC
Hello Nils, yes you are absolutely right. These checks should be part of the application not the library.
Comment 5 Matthieu Herrb 2004-12-11 08:30:46 UTC
This is handled by the patch in #1920 committed to the trunk.