nano -- symlink attack

ID DSA-004
Type debian
Reporter Debian
Modified 2000-12-17T00:00:00


The problem that was previously reported for joe has been found in other editors. When nano (a free pico clone) unexpectedly dies it tries a warning message to a new file with a predictable name (the name of the file being edited with ".save" appended). Unfortunately that file was not created safely which made nano vulnerable to a symlink attack.

This has been fixed in version 0.9.23-1 (except for powerpc, which has version 0.9.23-1.1).