blob: 0932733602e4b12f4ec63c117db17fafc28d2c2f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
<sect2><title> </title><para> </para></sect2>
<sect2>
<title>Installation of Ed</title>
<note><para>Ed isn't something which many people use. It's installed here
because it can be used by the patch program if you encounter an ed-based patch
file. This happens rarely because diff-based patches are preferred these
days.</para></note>
<para>This package requires its patch to be applied before you can
install it. This patch fixes a symlink vulnerability in
<userinput>ed</userinput>. The <userinput>ed</userinput> executable
creates files in <filename class="directory">/tmp</filename> with
predictable names. By using various symlink attacks, it is possible
to have ed write to files it should not, change the permissions of
files, etc.</para>
<para>Apply the patch:</para>
<para><screen><userinput>patch -Np1 -i ../ed-&ed-patch-version;.patch</userinput></screen></para>
<para>Prepare Ed to be compiled:</para>
<para><screen><userinput>./configure --prefix=/usr</userinput></screen></para>
<para>Continue with compiling the package:</para>
<para><screen><userinput>make</userinput></screen></para>
<para>And finish off installing the package:</para>
<para><screen><userinput>make install</userinput></screen></para>
<para>We need to move the Ed binaries to the <filename
class="directory">/bin</filename> directory so they may be used in
the event that the <filename class="directory">/usr</filename>
partition is unavailable.</para>
<para><screen><userinput>mv /usr/bin/{ed,red} /bin</userinput></screen></para>
</sect2>
|
