Package: dchroot Version: 0.11 Severity: grave Tags: security Justification: user security hole
When reading the configuration file, there is no checking to make sure that 1) The file is owned by root 2) The file is not writable by other If the ownership or permissions are wrong, a normal user could write entries into the file in order to add a new chroot and use this hole to gain root permissions. As a suggested fix, I would stat() the config file in read_chroots(), and then check the ownership and permissions before reading. If there's a problem, log it and abort immediately. Regards, Roger -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (990, 'unstable') Architecture: powerpc (ppc) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12-rc6 Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Versions of packages dchroot depends on: ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
