Package: fai-client
Severity: critical
Tags: security
Tags: pending

When using fai softupdate, install_packages writes a list of all
packages to the file /var/tmp/package, which is located in a
world-writable directory. It also writes to /tmp/packages.list if
FAI_DEBSOURCESDIR is set. These problems only affect FAI versions from
3.3 to 3.3.4.

In case you use PACKAGES dselect-upgrade (I guess it's not used very
often) in package_config it writes to
$FAI_ROOT/tmp/dpkg-selections.tmp. Since FAI_ROOT is set to / if you
are calling fai softupdate, this is a security problem. This problem
also affects older versions.

I've already prepared a patch for this, which is available in the svn trunk.
-- 
regards Thomas
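
The pattern this report describes, a fixed file name in a world-writable directory, shown next to the usual mktemp(1) alternative. This is an added example, not FAI code and not the patch mentioned in the report; the function names and the scratch-directory scenario are constructed for illustration.

```shell
#!/bin/sh
# Added example, not FAI code; all function names are hypothetical.

# Weak pattern: fixed name in a shared directory. ">" opens whatever already
# sits at that path and follows symlinks, so whoever created the name first
# decides where the data is written.
write_fixed() {            # $1 = directory, stdin = package list
    cat > "$1/packages.list"
}

# Hardened pattern: mktemp(1) creates a new file with an unpredictable name,
# exclusively and with mode 0600, so a pre-existing entry is never reused.
write_private() {          # $1 = directory, stdin = list; prints the path
    tmp=$(mktemp "$1/packages.list.XXXXXX") || return 1
    cat > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s\n' "$tmp"
}

# Constructed scenario in a scratch directory: "shared" stands in for /tmp,
# "other/target" for a file outside it that was linked in beforehand.
demo() {
    base=$(mktemp -d) || return 1
    mkdir "$base/shared" "$base/other"
    echo original > "$base/other/target"
    ln -s "$base/other/target" "$base/shared/packages.list"

    printf 'pkg-a\npkg-b\n' | write_fixed "$base/shared"
    fixed_result=$(cat "$base/other/target")       # overwritten via the link

    echo original > "$base/other/target"
    out=$(printf 'pkg-a\npkg-b\n' | write_private "$base/shared")
    private_result=$(cat "$base/other/target")     # left untouched
    private_mode=$(stat -c %a "$out" 2>/dev/null || stat -f %Lp "$out")
    rm -rf "$base"
}

demo
echo "fixed name: target now holds: $fixed_result"
echo "mktemp:     target still holds: $private_result (temp file mode $private_mode)"
```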


