Bug#494648: marked as done (The possibility of attack with the help of symlinks in some Debian packages)

Wed, 13 Aug 2008 05:09:30 -0700 

Your message dated Wed, 13 Aug 2008 22:06:46 +1000
with message-id <[EMAIL PROTECTED]>
and subject line duplicate of Bug#444982, which was fixed in Oct 2007
has caused the Debian Bug report #494648,
regarding The possibility of attack with the help of symlinks in some Debian 
packages
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
494648: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494648
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message --- 
Package: twiki
Severity: grave
Tags: security

This message about the error concerns a few packages  at  once.   I've
tested all the packages on my Debian mirror.  (post|pre)(inst|rm)  and
config scripts were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
file.

I set Severity into grave for  this  bug.   The  table  of  discovered
problems is below.

+------------------+-----------------+----------------------------------
|    package       |  script         | file for attack
+------------------+-----------------+----------------------------------
| mplayer-1.0~rc2  |  config         | /tmp/HACK (pipe)
|                  |                 |
| nws-2.13         |  postinst       | /tmp/nws.debug (cp)
|                  |                 |
| ppp-2.4.4rel     |  postinst       | /tmp/probe-finished (rm -f, pipe)
|                  |  postinst       | /tmp/ppp-errors (rm -f, pipe)
|   ppp-udeb       |  /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp)
|                  |                 |
| twiki-4.1.2      |  postinst       | /tmp/twiki  (chmod 1777, chown)
+------------------+-----------------+----------------------------------

--- End Message ---
--- Begin Message --- 
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444982

Implemented Joey's suggestion of 1777 & O_EXCL - mostly the files in
/tmp are written by CGI::Session, that takes care of things.
Also moved the 1777 tmp dir back to /tmp/twiki, as per Nico's point wrt
to filling /var

-- 
Professional Wiki Innovation and Support
Sven Dowideit - http://DistributedINFORMATION.com
A WikiRing Partner - http://wikiring.com
Public key -
http://pgp.mit.edu:11371/pks/lookup?search=Sven+Dowideit&op=index&exact=on

--- End Message ---

Reply via email to