Bug#733444: wicd-daemon: wrong permissions (-rw-rw-rw-) for some log files

Vincent Lefevre Tue, 08 Aug 2017 12:03:25 -0700

Control: found -1 1.7.4+tb2-4
Control: severity -1 important
Control: tags -1 security


On 2013-12-28 22:58:12 +0100, Vincent Lefevre wrote:
> The contents of my /var/log/wicd directory:
> 
> -rw-r----- 1 root adm   301595 2013-12-28 22:27:16 wicd.log
> -rw-r----- 1 root adm   369856 2013-12-20 11:14:01 wicd.log.1
> -rw-rw-rw- 1 root root  810018 2013-12-17 20:30:49 wicd.log.2
> -rw-rw-rw- 1 root root 6945574 2013-12-20 11:03:16 wicd.log.3

This still occurs:

-rw-rw-rw- 1 root root 163216 2017-08-08 20:49:03 wicd.log
-rw-r----- 1 root adm  487256 2017-08-01 21:19:32 wicd.log.1
-rw-r----- 1 root adm  362245 2017-07-27 14:31:22 wicd.log.2
-rw-r----- 1 root adm  383022 2017-07-19 22:07:07 wicd.log.3

So, any user can write anything in the wicd.log file, with
possible DoS.

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#733444: wicd-daemon: wrong permissions (-rw-rw-rw-) for some log files

Reply via email to