GNU bug report logs - #60425
Maybe a security issue

Previous Next

Full log

View this message in rfc822 format

From: Fabio Luiz Barbosa <fabio.barbosa <at> nzn.io>
To: 60425 <at> debbugs.gnu.org
Subject: bug#60425: Maybe a security issue
Date: Thu, 29 Dec 2022 13:48:58 -0300

[Message part 1 (text/plain, inline)]

Hi there,

so I was doing a test but am unsure if it is a bug from sed or a known
behavior from sed nor if it is considered a security issue.

On the test, I was able to "write" in a file that the permission is 400 the
only way to "avoid it" is to alter the permission to 000.

Using setfacl or other means to manipulate the permission level was not
effective.

If this is a known issue from sed, from internal sed "working way" or it
was already fixed in newer versions please do not consider this message.

====================================================================
sed --version
sed (GNU sed) 4.7
Packaged by Debian
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <
https://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by Jay Fenlason, Tom Lord, Ken Pizzini,
Paolo Bonzini, Jim Meyering, and Assaf Gordon.
GNU sed home page: <https://www.gnu.org/software/sed/>.
General help using GNU software: <https://www.gnu.org/gethelp/>.
E-mail bug reports to: <bug-sed <at> gnu.org>

[Message part 2 (text/html, inline)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.