diff options
author | David Adam <zanchey@ucc.gu.uwa.edu.au> | 2014-04-28 23:37:02 +0800 |
---|---|---|
committer | David Adam <zanchey@ucc.gu.uwa.edu.au> | 2014-05-12 09:30:05 +0800 |
commit | 3225d7e169a9edb2f470c26989e7bc8e0d0355ce (patch) | |
tree | dc5286223db2f3b723fb944bd41e2560d8e02ff2 /env.cpp | |
parent | 6596d91c8264a8a0705736003c129a4422e91564 (diff) |
avoid symlink attacks in __fish_print_packages and spawning fishd
* use $XDG_CACHE_HOME for __fish_print_packages completion caches
* when starting fishd, redirect fishd output to /dev/null, not a
predictable path
Fix for CVE-2014-3219.
Closes #1440.
Diffstat (limited to 'env.cpp')
-rw-r--r-- | env.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -58,7 +58,7 @@ #include "fish_version.h" /** Command used to start fishd */ -#define FISHD_CMD L"fishd ^ /tmp/fishd.log.%s" +#define FISHD_CMD L"fishd ^ /dev/null" // Version for easier debugging //#define FISHD_CMD L"fishd" |