luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

libcurl/opts: do not save files in dirs where attackers have access

Browse Source 
libcurl cannot fully protect against attacks where an attacker has write
access to the same directory where it is directed to save files. This is
particularly sensitive if you save files using elevated privileges.

Previously only mentioned in VULN-DISCLOSURE-POLICY.md.

Highlighted-by: Donguk Kim

Closes #16051
This commit is contained in:
Daniel Stenberg 2025-01-19 12:35:39 +01:00
parent f1dbe68172
commit 0f54bfd803
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
4 changed files with 19 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/libcurl/opts/CURLOPT_ALTSVC.md
View File

@ -41,6 +41,12 @@ option.
Using this option multiple times makes the last set string override the
previous ones. Set it to NULL to disable its use again.
# SECURITY CONCERNS
libcurl cannot fully protect against attacks where an attacker has write
access to the same directory where it is directed to save files. This is
particularly sensitive if you save files using elevated privileges.
# DEFAULT
NULL. The alt-svc cache is not read nor written to file.

2
docs/libcurl/opts/CURLOPT_COOKIEFILE.md
View File

@ -55,7 +55,7 @@ If you use this option multiple times, you add more files to read cookies
from. Setting this option to NULL disables the cookie engine and clears the
list of files to read cookies from.
# SECURITY
# SECURITY CONCERNS
This document previously mentioned how specifying a non-existing file can also
enable the cookie engine. While true, we strongly advise against using that

6
docs/libcurl/opts/CURLOPT_COOKIEJAR.md
View File

@ -52,6 +52,12 @@ option.
Using this option multiple times makes the last set string override the
previous ones. Set it to NULL to disable its use again.
# SECURITY CONCERNS
libcurl cannot fully protect against attacks where an attacker has write
access to the same directory where it is directed to save files. This is
particularly sensitive if you save files using elevated privileges.
# DEFAULT
NULL

6
docs/libcurl/opts/CURLOPT_HSTS.md
View File

@ -61,6 +61,12 @@ currently no length or size limit.
NULL, no filename
# SECURITY CONCERNS
libcurl cannot fully protect against attacks where an attacker has write
access to the same directory where it is directed to save files. This is
particularly sensitive if you save files using elevated privileges.
# %PROTOCOLS%
# EXAMPLE