FreeBSD Security Advisory FreeBSD-SA-06:03.cpio
Simon L. Nielsen
simon at FreeBSD.org
Wed Jan 11 12:53:36 PST 2006
On 2006.01.11 15:35:01 +0100, Aleksander Fafula wrote:
> I am preparing the translations of Security Advisories. This is why
> I have a few questions.
Hey,
Sure, ask away. We (FreeBSD Security Team) try to proofread a lot to
fix typos and make the text as clear as possible, but unfortunately
some things slip through.
> I don't understand who are 'they', (files?):
>
> > . The first problem can allow a local attacker to change the
> > permissions of files owned by the user executing cpio providing
> > that they have write access to the directory in which the file is
> > being extracted. (CVE-2005-1111)
Here "they" refers to the local attacker.
> > NOTE WELL: The solution described below causes cpio to not exact files
> > with absolute paths by default anymore. If it is required that cpio
> > exact files with absolute names, use the --absolute-filenames
> > parameter.
>
> Shouldn't 'exact' be 'extract'? It's very interesting for me as
> I see 'exact' here two times (two typos or maybe I don't understand
> this).
Whoops, yes it should be "extract" in both cases... well, at least I
was consistent in my typos... ;-).
I accept the pointy hat for this one.
> Another suggestion is:
> Security Advisories on www.freebsd.org should be ordered by date.
> Displaying 1,2,3 and no 4 causes people to omit advisory no 4! It
> should be displayed 4, 3, 2, 1 and probably all new releases - no matter
> how many.
> On http://www.freebsd.org/security/ sorting of advisories seems like above.
I agree in general, and I will try to improve it (though defining
"new" items is not too easy for something like this). Xin Li has
already reversed the order so 4, 3, and 2 are shown making it more
clear that there have been 4 so far in 2006.
--
Simon L. Nielsen
FreeBSD Security Team