[pkg-fgfs-crew] Bug#780867: flightgear: further restrict nasal permissions
Markus Wanner
markus at bluegap.ch
Fri Mar 20 18:03:32 UTC 2015
Package: flightgear
Version: 3.0.0-5
Severity: important
Tags: confirmed
Hi,
as discovered by Adam D. Barratt, FlightGear's script language Nasal
could better sandbox the scripts executed:
* write access to /tmp/*.xml is likely unneeded, see the upstream
discussion, here:
http://sourceforge.net/p/flightgear/mailman/message/33619992/
* symlinks are followed, which allows breaking out of the permitted
directories with a proper symlink.
This mostly serves as a reminder and tracking bug for myself.
Regards
Markus Wanner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1513 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-fgfs-crew/attachments/20150320/46246175/attachment.sig>
More information about the pkg-fgfs-crew
mailing list