harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Ellison <t.p.elli...@gmail.com>
Subject Re: [classlib] File.createNewFile(...)
Date Fri, 21 Sep 2007 08:27:29 GMT
Mark Hindess wrote:
> The security section of the excellent Linux Weekly News (http://lwn.net)
> this week has an article about "Exploiting symlinks and tmpfiles".
> After reading it, I thought I'd take a look at the Harmony natives.  I
> am beginning to wish I hadn't ...

Well I'm glad that you did :-)

<big snip/>

> I have a patch for the unix now and I don't think it is as complicated
> on windows but I'm just getting someone to check the patch before
> committing it.

After reading through your exploits it seems (a) surprising about the
apparent inconsistency in the OS APIs, and (b) right to fix the current
harmony behavior to avoid miscreant's taking advantage of it.

Regards,
Tim


Mime
View raw message