]> git.wh0rd.org - dump.git/blobdiff - CHANGES
git.wh0rd.org / dump.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Use lchown instead of chown (security problem of symlinks ownership)
[dump.git] / CHANGES
diff --git a/CHANGES b/CHANGES
index 48e9e60973518b812e7f2c6b94a8d985f5b7191b..98793c81c95fd146eddd226c65525b18add66cad 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,13 @@
-$Id: CHANGES,v 1.12 1999/11/03 21:05:52 tiniou Exp $
+$Id: CHANGES,v 1.13 1999/11/05 22:02:11 tiniou Exp $
+
+Changes between versions 0.4b8 and 0.4b9 (released November 5, 1999)
+====================================================================
+
+1.     Use lchown instead of chown, fixing a possible security problem 
+       when restoring symlinks (a malicious user could use this
+       to deliberately corrupt the ownership of important system files).
+       Thanks to Chris Siebenmann <cks@utcc.utoronto.ca> for detecting
+       this and providing the patch.
 
 Changes between versions 0.4b7 and 0.4b8 (released November 3, 1999)
 ====================================================================
Unnamed repository; edit this file 'description' to name the repository.