ed-0.2 uses "mktemp" to create temporary files. This problem has been known for almost four years, see for example: http://www.linuxsecurity.com/advisories/redhat_advisory-967.html

| The ed executable creates files in /tmp with predictable
| names. By using various symlink attacks, it is possible to
| have ed write to files it should not, change the permissions
| of various files, etc.
Created attachment 41133: ed-0.2-mkstemp.patch. Patch from LFS.
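The predictable-name problem reported above and the mkstemp() approach named by the attached patch, as an added example (not ed's code and not the LFS patch): a C self-check, run inside a private directory with constructed paths, showing that an open without O_EXCL writes through a link already present at the scratch name, while O_EXCL and mkstemp() do not. The function names are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a scratch file at a name fixed in advance, as mktemp()-style code does.
 * Without O_EXCL the open follows whatever already sits at that name; with
 * O_EXCL it fails if anything, a symlink included, is already there. */
static int open_named(const char *path, int exclusive)
{
    int flags = O_RDWR | O_CREAT | (exclusive ? O_EXCL : O_TRUNC);
    return open(path, flags, 0600);
}

/* Self-check in a private directory (all paths constructed): returns 1 if the
 * open truncated the file behind a pre-existing link, 0 if not, -1 on error. */
int target_clobbered(int exclusive)
{
    char dir[] = "/tmp/edtest.XXXXXX", target[64], scratch[64];
    struct stat st;
    int fd, result = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(scratch, sizeof scratch, "%s/ed.scratch", dir);
    fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0 && write(fd, "data", 4) == 4 && symlink(target, scratch) == 0) {
        int s = open_named(scratch, exclusive);
        if (s >= 0) close(s);
        if (stat(target, &st) == 0) result = (st.st_size == 0);
    }
    if (fd >= 0) close(fd);
    unlink(scratch); unlink(target); rmdir(dir);
    return result;
}

/* Hardened form: mkstemp() chooses the name and creates the file in one step
 * (O_CREAT|O_EXCL). Returns 1 if the result is a private regular file. */
int mkstemp_is_private(void)
{
    char tmpl[] = "/tmp/ed.XXXXXX";
    struct stat st;
    int fd = mkstemp(tmpl), ok;
    if (fd < 0) return 0;
    ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && (st.st_mode & 077) == 0;
    close(fd); unlink(tmpl);
    return ok;
}
```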
seems like we install ed by default in gentoo, so this should be fixed. also we don't apply any kind of patch to fix this in our ed-0.2-r3
Sorry, should of course have been ed-0.2-r3 in the subject.
Base-system, please comment and/or apply patch.
0.2-r4 is in portage, let's make it stable
Arches, please test and mark sys-apps/ed-0.2-r4 stable:
Current KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86"
Target KEYWORDS="x86 ppc sparc mips alpha arm hppa amd64 ia64 ppc64 s390"
Stable on alpha.
Stable on x86
sparc tasty.
arm/hppa/ia64/s390 have been loved
stable on ppc
stable amd64
mips stable
GLSA 200410-07. ppc64: don't forget to mark stable to benefit from GLSA
stable on ppc64, thanks!
security: please see bug #73858. This security fix of yours has broken ed.
Well, it's not "our fix". vapier applied a patch (originally from LFS) on behalf of the base-system herd. But we can try to help in determining a more appropriate patch.
*** Bug 163220 has been marked as a duplicate of this bug. ***