-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Guys,

I'd need a second opinion on this report please.

My recollection was that we squashed this in Bug#444982

If not, is there any chance that automated tool users are at least
required to help out with a bit more information than the alarmist text
below?

I will have to assume that this report is indeed incorrect unless I hear
otherwise.

Sven

Dmitry E. Oboukhov wrote:
> Package: twiki
> Severity: grave
> Tags: security
> 
> This message about the error concerns a few packages at once. I've
> tested all the packages on my Debian mirror. (post|pre)(inst|rm) and
> config scripts were tested.
> 
> In some packages I've discovered scripts with errors which may be used
> by a user for damaging important system files.
> 
> For example, if a script uses in its work a temp file which is created
> in the /tmp directory, then every user can create a symlink with the
> same name in this directory in order to destroy or rewrite some system
> file.
> 
> I set Severity to grave for this bug. The table of discovered
> problems is below.
> 
> +------------------+-----------------+----------------------------------
> |    package       |  script         | file for attack
> +------------------+-----------------+----------------------------------
> | mplayer-1.0~rc2  |  config         | /tmp/HACK (pipe)
> |                  |                 |
> | nws-2.13         |  postinst       | /tmp/nws.debug (cp)
> |                  |                 |
> | ppp-2.4.4rel     |  postinst       | /tmp/probe-finished (rm -f, pipe)
> |                  |  postinst       | /tmp/ppp-errors (rm -f, pipe)
> |   ppp-udeb       |  /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp)
> |                  |                 |
> | twiki-4.1.2      |  postinst       | /tmp/twiki  (chmod 1777, chown)
> +------------------+-----------------+----------------------------------

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkiiOYoACgkQPAwzu0QrW+nHKACgt+Yd/wMsLK+wvBAgA1qEww4g
1hoAnRexz3Up2jQeJzhamJ0k0Nh4sf2H
=rxz+
-----END PGP SIGNATURE-----
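
The pattern the quoted report describes, as an added example that is not part of the original message or of any package named in it: a heuristic check that lists the lines of a maintainer script naming a fixed file under /tmp, next to the mktemp-based form that avoids the predictable name. The function names, the sample postinst and its file names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Heuristic: flag lines in a maintainer script that name a
# fixed file under /tmp. Comment lines and mktemp templates are skipped.
# Output is "LINE:TEXT"; exit status is non-zero when nothing is found.
find_fixed_tmp() {
    grep -nE '(^|[^[:alnum:]_./])/tmp/[[:alnum:]_.-]+' "$1" |
        grep -vE '^[0-9]+:[[:space:]]*#' |
        grep -v 'mktemp'
}

# Hardened replacement for "cp FILE /tmp/fixed-name": mktemp picks an
# unpredictable name and creates the file exclusively with mode 0600, so a
# symlink planted in advance under a guessed name is never followed.
# Prints the path of the copy.
safe_copy() {
    tmp=$(mktemp "${TMPDIR:-/tmp}/example.XXXXXX") || return 1
    cp -- "$1" "$tmp" && printf '%s\n' "$tmp"
}

# Constructed sample postinst (file names are made up for this example).
write_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
set -e
# debug output goes to /tmp/example.debug
cp /etc/example.conf /tmp/example.debug
rm -f /tmp/example-errors
work=$(mktemp /tmp/example.XXXXXX)
echo done > "$work"
EOF
}

# Demo: lines 4 and 5 of the sample are reported.
demo_dir=$(mktemp -d)
write_sample "$demo_dir/postinst"
find_fixed_tmp "$demo_dir/postinst"
rm -rf "$demo_dir"
```

A hit from this check only says where a fixed name appears; whether it is exploitable still depends on who owns the directory and how the file is opened, which is the extra detail a report should carry.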


