Security update to sgmltool

May 4, 2001

Author: JT Smith

Posted at LWN.net: The sgmltool programs (“sgml2html” and others) are used to convert
SGML-files into various other formats.

During operation, the underlying SGML perlmodule creates temporary files
in an insecure way. This allows attackers to destroy arbitrary files owned
by the user who invoked the sgmltool program. The problem has been fixed
by creating temporary files with the exclusive (O_EXCL) option upon
opening them.

Category:

Linux

RELATED ARTICLESMORE FROM AUTHOR

Maintainer Confidential: Challenges and Opportunities One Year On

Bridging Design and Runtime Gaps: AsyncAPI in Event-Driven Architecture

Implementing OpenTelemetry Natively in an Event Broker

Innovation as a Catalyst in Telecommunications

Linux 6.8 Brings More Sound Hardware Support For Intel & AMD, Including The Steam Deck

RELATED ARTICLES MORE FROM AUTHOR