Red Hat Bugzilla – Bug 30031
joe tries to use ./.joerc
Last modified: 2014-01-21 17:48:01 EST
Date: Wed, 28 Feb 2001 15:13:42 +0100
Subject: Joe's Own Editor File Handling Error
Joe tries to use ./.joerc for it's configuration file. If joe is used in a world-writable
directory, attacker can create .joerc there with malicious definitions that may
lead to to local user login (/root if root uses joe) compromise.
Don't they ever learn...
Doh. Stuuuupid people. (not that any non-newbie would use joe on a regular basis
anyway). Fixed in joe-2.8-44.
this should really be a fix that gets pushed out to 6.X and 7.0 - its a dumb
error but it could be exploited and I know (I am) a person who uses joe all the
course - I've already patched my joe rpm :)
I've already made rpms and an errata request for 5.2, 6.2 and 7.