From: Daniel Stenberg Date: Mon, 21 Aug 2023 07:37:08 +0000 (+0200) Subject: docs: mention critical files in same directories as curl saves X-Git-Tag: curl-8_3_0~101 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=864090ca39c3c9fe994104ed23d29c37caa61a8e;p=thirdparty%2Fcurl.git docs: mention critical files in same directories as curl saves ... cannot be fully protected. Don't do it. Co-authored-by: Jay Satiro Reported-by: Harry Sintonen Fixes #11530 Closes #11701 --- diff --git a/docs/SECURITY-PROCESS.md b/docs/SECURITY-PROCESS.md index 64123edd45..4a06a84e2a 100644 --- a/docs/SECURITY-PROCESS.md +++ b/docs/SECURITY-PROCESS.md @@ -269,3 +269,8 @@ timeout value or otherwise) are not considered security problems. Applications are supposed to already handle situations when the transfer loop legitimately consumes 100% CPU time, so while a prolonged such busy-loop is a nasty bug, we do not consider it a security problem. + +## Saving files + +curl cannot protect against attacks where an attacker has write access to the +same directory where curl is directed to save files. diff --git a/docs/libcurl/libcurl-security.3 b/docs/libcurl/libcurl-security.3 index e95bb6ecc4..0bc056c5fb 100644 --- a/docs/libcurl/libcurl-security.3 +++ b/docs/libcurl/libcurl-security.3 @@ -417,6 +417,9 @@ core dump file, such data might be accessible. Further, when eventually closing a handle and the secrets are no longer needed, libcurl does not explicitly clear memory before freeing it, so credentials may be left in freed data. +.SH "Saving files" +libcurl cannot protect against attacks where an attacker has write access to +the same directory where libcurl is directed to save files. .SH "Report Security Problems" Should you detect or just suspect a security problem in libcurl or curl, contact the project curl security team immediately. See