On Wed, 2011-03-16 at 21:57 -0600, Raphael Geissert wrote:
> On 16 March 2011 03:40, sean finney <sean...@debian.org> wrote:
> > On Wed, Mar 16, 2011 at 09:27:29AM +0000, Stephane Chazelas wrote:
> >> No, please look carefully. It's not "passwd" that's the
> >> symlink, it's foo (to /etc). rm would remove
> >> /var/lib/php5/foo/passwd, that is it would unlink the "passwd"
> >> entry from the directory pointed to by "foo", that is "/etc".
> >
> > oh, right. well good catch then, i guess we'll need to prepare
> > a stable security update...
>
> Yes, I'm on it.
> For sid I'm inclined to make /var/lib/php5 uid: root, gid: www-data,
> and remove the world-rw mode. Why would we want to allow anyone else
> to use that dir anyway? perhaps I'm missing some bits of history.

I would suggest instead of using -delete, that we use -maxdepth 1. I think technically there's still some small window of opportunity (maybe not exploitable, but still) in between the find comparisons and the delete action, and i don't think we need to descend into directories in the first place since the session files are all in the top level of that directory.

i made a patch last night but my colo'd server has been up and down for the past few days :/ i'll attach it here instead of pushing it, so we can decide what makes the most sense.

Regarding the permissions, I also agree and don't know why they were world read/writable, whether someone was just copying the perms from /tmp or had a reason to do so. Not sure whether that also warrants going into stable or not, but we could at least try it out in unstable and see if anyone complains :)

thoughts?

sean

From d276c4a7d79ed2e3bbe2ba26c19ee696a60d4f80 Mon Sep 17 00:00:00 2001 From: Sean Finney <sean...@debian.org> Date: Wed, 16 Mar 2011 21:36:42 +0100 Subject: [PATCH] Fix session gc cronjob to prevent race condition with unlinking files Closes: #618489 Thanks: Stephane Chazelas <stephane.chaze...@seebyte.com> --- debian/php5-common.php5.cron.d | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/debian/php5-common.php5.cron.d b/debian/php5-common.php5.cron.d index a4e73a8..9344c1e 100644 --- a/debian/php5-common.php5.cron.d +++ b/debian/php5-common.php5.cron.d @@ -4,4 +4,4 @@ # files, or 24 minutes if not defined. See /usr/lib/php5/maxlifetime # Look for and purge old sessions every 30 minutes -09,39 * * * * root [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -n 200 -r -0 rm +09,39 * * * * root [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -maxdepth 1 -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -n 200 -r -0 rm -- 1.7.2.3
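
Review bot: on the replacement cron line, `-maxdepth 1` carries the whole fix, but the comment block above it is unchanged and nothing in the file says why the option is there. Add a comment line stating that find must not descend below /var/lib/php5, because a subdirectory there can be swapped for a symlink between the find test and the rm, so that a later edit does not drop the option. Separately, the `rm` at the end of the pipeline still runs without `-f`, so a session file that disappears between find and rm will make rm report an error from the cron job; consider `rm -f` if that noise is unwanted.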