From e68616b799c992e139d25487ca4b61ceb0c70430 Mon Sep 17 00:00:00 2001 From: Chris Allegretta Date: Wed, 7 Apr 2010 06:20:55 +0000 Subject: [PATCH] 2010-04-07 Chris Allegretta * doc/man/nano.1,nanorc.5: Add warnings about using backup mode as root due to the Dan Rosenberg security analysis. git-svn-id: svn://svn.savannah.gnu.org/nano/trunk/nano@4493 35c25a1d-7b9e-4130-9fde-d3aeb78583b8 --- ChangeLog | 4 ++++ doc/man/nano.1 | 3 ++- doc/man/nanorc.5 | 3 ++- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index fceeddaf..08619413 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2010-04-07 Chris Allegretta + * doc/man/nano.1,nanorc.5: Add warnings about using backup + mode as root due to the Dan Rosenberg security analysis. + 2010-04-02 Chris Allegretta * files.c (do_writeout): Expand modification check to include both the original file's device ID and inode number as reasons to warn the diff --git a/doc/man/nano.1 b/doc/man/nano.1 index a1ef3270..05ba462f 100644 --- a/doc/man/nano.1 +++ b/doc/man/nano.1 @@ -62,7 +62,8 @@ line. .TP .B \-B (\-\-backup) When saving a file, back up the previous version of it to the current -filename suffixed with a ~. +filename suffixed with a ~. This option is not recommended when editing +files as root due to potential security implications. .TP .B \-C \fIdir\fP (\-\-backupdir=\fIdir\fP) Set the directory where \fBnano\fP puts unique backup files if file diff --git a/doc/man/nanorc.5 b/doc/man/nanorc.5 index c172e61e..04ab1d3f 100644 --- a/doc/man/nanorc.5 +++ b/doc/man/nanorc.5 @@ -451,7 +451,8 @@ When writing a file, append to the end instead of overwriting. When writing a file, 'prepend' (write at the beginning) instead of overwriting. .TP .B backup -When writing a file, create a backup of the current file. +When writing a file, create a backup of the current file. This option is not +recommended when editing files as root due to potential security implications. .TP .B firstfile Move to the first file when using the file browser (reading or writing files).