GNU bug report logs -
#60425
Maybe a security issue
Previous Next
To reply to this bug, email your comments to 60425 AT debbugs.gnu.org.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-sed <at> gnu.org:
bug#60425; Package
sed.
(Fri, 30 Dec 2022 07:05:01 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Fabio Luiz Barbosa <fabio.barbosa <at> nzn.io>:
New bug report received and forwarded. Copy sent to
bug-sed <at> gnu.org.
(Fri, 30 Dec 2022 07:05:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hi there,
so I was doing a test but am unsure if it is a bug from sed or a known
behavior from sed nor if it is considered a security issue.
On the test, I was able to "write" in a file that the permission is 400 the
only way to "avoid it" is to alter the permission to 000.
Using setfacl or other means to manipulate the permission level was not
effective.
If this is a known issue from sed, from internal sed "working way" or it
was already fixed in newer versions please do not consider this message.
====================================================================
sed --version
sed (GNU sed) 4.7
Packaged by Debian
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <
https://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Written by Jay Fenlason, Tom Lord, Ken Pizzini,
Paolo Bonzini, Jim Meyering, and Assaf Gordon.
GNU sed home page: <https://www.gnu.org/software/sed/>.
General help using GNU software: <https://www.gnu.org/gethelp/>.
E-mail bug reports to: <bug-sed <at> gnu.org>
[Message part 2 (text/html, inline)]
This bug report was last modified 1 year and 118 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.