severity 313085 wishlist
thanks

On Sat, Jun 11, 2005 at 08:16:03PM +0100, Roger Leigh wrote:
> Package: dchroot
> Version: 0.11
> Severity: grave
> Tags: security
> Justification: user security hole

> When reading the configuration file, there is no checking to
> make sure that

> 1) The file is owned by root
> 2) The file is not writable by other

> If the ownership or permissions are wrong, a normal user could write
> entries into the file in order to add a new chroot and use this
> hole to gain root permissions.

So don't fuck up the permissions on /etc/dchroot.conf?

Unless there's an option to tell dchroot to use a different config file
(which I don't see anywhere), this isn't a security hole in dchroot any more
than letting people write to /etc/shadow is a security hole in su.

> As a suggested fix, I would stat() the config file in read_chroots(),
> and then check the ownership and permissions before reading. If
> there's a problem, log it and abort immediately.

Possibly a reasonable choice, but it also restricts site admins' ability to
grant other accounts direct access to the file; so I think this bug should
be left open but at wishlist severity only.

-- 
Steve Langasek
postmodern programmer
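The check proposed in the quoted report, sketched as an added example; it is not dchroot's code and does not come from either participant in this thread. The function names, the `owner` parameter and the choice to `fstat()` the already-open descriptor (so the file checked is the file read) are assumptions of this sketch; only the two conditions from the report, owner and not writable by other, are enforced, so group access is left to the admin.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 0 if st describes a regular file owned by `owner` and not
 * writable by "other"; otherwise a negative code naming the failure. */
int config_perms_ok(const struct stat *st, uid_t owner)
{
    if (!S_ISREG(st->st_mode)) return -1;   /* not a regular file */
    if (st->st_uid != owner)   return -2;   /* wrong owner */
    if (st->st_mode & S_IWOTH) return -3;   /* writable by other */
    return 0;
}

/* Open first, then check the descriptor: a stat() on the path followed
 * by a separate open() could be raced by replacing the file in between. */
FILE *open_checked_config(const char *path, uid_t owner)
{
    struct stat st;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return NULL;
    if (fstat(fd, &st) != 0 || config_perms_ok(&st, owner) != 0) {
        /* Log and abort, as the report suggests. */
        fprintf(stderr, "%s: bad ownership or permissions, aborting\n", path);
        close(fd);
        errno = EPERM;
        return NULL;
    }
    return fdopen(fd, "r");
}

int main(void)
{
    /* Path taken from the thread; uid 0 (root) as the required owner. */
    FILE *f = open_checked_config("/etc/dchroot.conf", 0);
    if (f == NULL)
        return 1;
    /* Parsing of chroot entries would follow here. */
    fclose(f);
    return 0;
}
```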