reopen 475793
thanks

So it appears that the cause of this bug is the permissions in adobe's tar archive:

$ tar --numeric-owner -vztf install_flash_player_9_linux.tar.gz
drwxr-xr-x 501/100           0 2008-03-25 02:02 install_flash_player_9_linux/
-r-xr-xr-x 501/100       21700 2008-03-25 02:02 install_flash_player_9_linux/flashplayer-installer
-rwxr-xr-x 501/100     8115888 2008-03-25 02:02 install_flash_player_9_linux/libflashplayer.so

The fix applied by the maintainer is to chown the files after they are extracted. But this leaves a window of opportunity for user 501 (or any member of group 100, although currently the files are not writable by that group) to replace the contents of libflashplayer.so with something malicious.

The correct fix would be to pass some option to tar to tell it to ignore permissions from the archive when extracting.

-- 
Sam Morris
http://robots.org.uk/
PGP key id 1024D/5EA01078
3412 EA18 1277 354B 991B C869 B219 7FDB 5EA0 1078
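As an added example, not code from the bug report or from the flashplugin-nonfree package's own scripts, the following shell script shows the extraction the report asks for. It assumes GNU tar (for --owner, --group, --no-same-owner and --no-same-permissions) and a Linux-style ls. It builds a constructed archive whose members claim uid 501 / gid 100 like the listing in the report, extracts it with the options that make tar discard the stored ownership and mode bits, and checks that the resulting file belongs to the extracting user and is not group- or world-writable, so there is no window in which a chown afterwards is needed.

```shell
#!/bin/sh
# Added example (not code from the bug report or the package): extract an
# archive whose members carry a foreign uid/gid and mode bits without letting
# those attributes reach the filesystem, then verify the result.
# Assumes GNU tar (--owner/--group/--no-same-owner/--no-same-permissions).

# Build a constructed archive that, like the listing in the report, claims
# its members belong to uid 501 / gid 100.  The stub library is deliberately
# stored with mode 0777 so the permission handling is visible as well.
make_archive() {
    dir=$1
    mkdir -p "$dir/src/install_flash_player_9_linux"
    printf 'constructed stub, not a real library\n' \
        > "$dir/src/install_flash_player_9_linux/libflashplayer.so"
    chmod 0777 "$dir/src/install_flash_player_9_linux/libflashplayer.so"
    tar --owner=501 --group=100 -C "$dir/src" \
        -czf "$dir/archive.tar.gz" install_flash_player_9_linux
}

# Print the uid/gid recorded for the first archive member (e.g. "501/100"),
# the same field the report's tar listing shows.
archive_owner() {
    tar --numeric-owner -tvzf "$1" | awk 'NR==1 { print $2 }'
}

# Extract so that nothing stored in the archive decides ownership or mode:
#  --no-same-owner        ignore the stored uid/gid; files belong to the caller
#  --no-same-permissions  apply the umask instead of the stored mode bits
# GNU tar already behaves this way for unprivileged users, but a package
# postinst runs as root, where the defaults flip to --same-owner and
# --same-permissions; naming the options removes that dependency.
safe_extract() {
    archive=$1
    dest=$2
    mkdir -p "$dest"
    umask 022
    tar --no-same-owner --no-same-permissions -xzf "$archive" -C "$dest"
}

# Succeeds only if the file belongs to the running user and is not writable
# by group or others, i.e. the window described in the report does not exist.
verify_extracted() {
    f=$1
    [ "$(ls -ln "$f" | awk '{ print $3 }')" = "$(id -u)" ] || return 1
    case "$(ls -ld "$f" | cut -c1-10)" in
        ?????w*|????????w*) return 1 ;;   # group- or other-writable
    esac
    return 0
}

# Stand-alone run: build, inspect, extract, verify, clean up.
work=$(mktemp -d)
make_archive "$work"
echo "archive owner field: $(archive_owner "$work/archive.tar.gz")"
safe_extract "$work/archive.tar.gz" "$work/out"
verify_extracted "$work/out/install_flash_player_9_linux/libflashplayer.so" \
    && echo "extracted file is owned by uid $(id -u) and not group/world writable"
rm -rf "$work"
```

Run as an ordinary user the ownership check passes trivially, because tar cannot chown to uid 501 without privilege; the options matter when the same extraction runs as root from a postinst, which is exactly where the report's window opens.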