You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We don't need to know the path of stdout. It doesn't even necessarily have one. The code suffers from the TOCTTOU mentioned in #244, and it also uses /proc (a Linux extension) on non-Linux systems, so it's possible to affect the behavior of scrot by creating a /proc/self/fd/1 file on non-Linux systems.
This is probably because the imlib APIs we use want an output filename instead of an output file descriptor which is a design bug in imlib because it creates more races and unnecessarily limits the usefulness of the library (can't pick whether or not to overwrite a file, for instance). I looked at the headers of Imlib 1.10.0 and there is no function that writes an image to a given fd.
Imlib has added a function to address this in 1.11.0 on scrot's request, we need to migrate to it.
The text was updated successfully, but these errors were encountered:
We don't need to know the path of stdout. It doesn't even necessarily have one. The code suffers from the TOCTTOU mentioned in #244, and it also uses /proc (a Linux extension) on non-Linux systems, so it's possible to affect the behavior of scrot by creating a /proc/self/fd/1 file on non-Linux systems.
scrot/src/options.c
Lines 339 to 348 in 99be99f
This is probably because the imlib APIs we use want an output filename instead of an output file descriptor which is a design bug in imlib because it creates more races and unnecessarily limits the usefulness of the library (can't pick whether or not to overwrite a file, for instance). I looked at the headers of Imlib 1.10.0 and there is no function that writes an image to a given fd.
Imlib has added a function to address this in 1.11.0 on scrot's request, we need to migrate to it.
The text was updated successfully, but these errors were encountered: