Re: Using Zip executable in Cocoa Application
Re: Using Zip executable in Cocoa Application
- Subject: Re: Using Zip executable in Cocoa Application
- From: Dan Saul <email@hidden>
- Date: Sun, 18 Dec 2005 01:47:49 -0600
Wrong, the /501/ part of the path is the UID of the user that has access to it.
It is only accessible by that UID (by default) and no more a security
hole then ~/.
On 17/12/05, Uli Kusterer <email@hidden> wrote:
>
Am 17.12.2005 um 15:38 schrieb Shaun Wexler:
>
> That won't return @"/tmp"; it's something like @"/private/var/tmp/
>
> folders.501/TemporaryItems", but more-or-less guaranteed to be
>
> world-writable (on a writable file system).
>
>
Nice security hole waiting to be explored. Zip some important files
>
of the user's and save them there, and any other user can read
>
them... Sweeeet...
>
>
Cheers,
>
-- M. Uli Kusterer
>
http://www.zathras.de
>
>
>
_______________________________________________
>
Do not post admin requests to the list. They will be ignored.
>
Cocoa-dev mailing list (email@hidden)
>
Help/Unsubscribe/Update your Subscription:
>
>
This email sent to email@hidden
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden