|
From: | Paul Eggert |
Subject: | bug#61386: [PATCH] cp,mv,install: Disable sparse copy on macOS |
Date: | Wed, 15 Feb 2023 02:56:35 -0800 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.7.1 |
Attached is an updated proposal for the fclonefileat patch.CVE-2021-30995 confirmed my suspicion that coreutils 9.1 and the current bleeding-edge coreutils on Savannah both have an exploitable security bug on macOS. Although I hope this patch fixes the bug, it could use more pairs of eyes, given that Apple had so many problems fixing its own security bug involving fclonefileat, and given that the coreutils code has so many flags and conditions.
0001-cp-fclonefileat-security-fix-CLONE_ACL-fixups.patch
Description: Text Data
[Prev in Thread] | Current Thread | [Next in Thread] |