[Pidgin] #3982: Fix: Autoaccept plugin saves files to subdirectories based on resource
Pidgin
trac at pidgin.im
Sat Nov 17 20:09:19 EST 2007
#3982: Fix: Autoaccept plugin saves files to subdirectories based on resource
----------------------+-----------------------------------------------------
Reporter: galt | Owner:
Type: patch | Status: new
Priority: minor | Milestone:
Component: plugins | Version: 2.2.2
Resolution: | Keywords: autoaccept,xmpp,jabber
Pending: 0 |
----------------------+-----------------------------------------------------
Comment (by galt):
That's interesting. I just tested to see what would happen. Autoaccept
overwrites existing files (it should really rename them), so if Pidgin is
running as root, a sender could easily overwrite /etc/shadow. I guess the
right thing to do here would be to only keep the basename of the filename
that we get from the sender.
--
Ticket URL: <http://developer.pidgin.im/ticket/3982#comment:2>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list