Bug 30031 - joe tries to use ./.joerc
joe tries to use ./.joerc
Product: Red Hat Linux
Classification: Retired
Component: joe (Show other bugs)
i386 Linux
high Severity medium
: ---
: ---
Assigned To: Trond Eivind Glomsrxd
David Lawrence
: Security
Depends On:
  Show dependency treegraph
Reported: 2001-02-28 12:21 EST by Pekka Savola
Modified: 2014-01-21 17:48 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-02-28 12:21:48 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Pekka Savola 2001-02-28 12:21:43 EST
As per:

Date: Wed, 28 Feb 2001 15:13:42 +0100
From: advisories@WKIT.COM
Subject: Joe's Own Editor File Handling Error

Joe tries to use ./.joerc for it's configuration file.  If joe is used in a world-writable
directory, attacker can create .joerc there with malicious definitions that may
lead to to local user login (/root if root uses joe) compromise.

Don't they ever learn...
Comment 1 Trond Eivind Glomsrxd 2001-02-28 17:15:05 EST
Doh. Stuuuupid people. (not that any non-newbie would use joe on a regular basis
anyway). Fixed in joe-2.8-44.

Comment 2 Seth Vidal 2001-03-01 01:36:58 EST
this should really be a fix that gets pushed out to 6.X and 7.0 - its a dumb
error but it could be exploited and I know (I am) a person who uses joe all the

course - I've already patched my joe rpm :)

Comment 3 Trond Eivind Glomsrxd 2001-03-01 02:01:41 EST
I've already made rpms and an errata request for 5.2, 6.2 and 7.

Note You need to log in before you can comment on or make changes to this bug.