
Bug#358210: debian-installer: Possible DoS attack: World writable directory remains after installing Debian 3.1r1 from the official network install CD



Package: debian-installer
Severity: normal


World writable directory remains after installing
Debian 3.1r1 from the official network install CD:

/var/log/debian-installer/cdebconf

In my opinion this should be fixed some way
on already installed systems, since any user can
use this directory to initiate a DoS attack by
filling the /var/log partition unless a quota
limit prevents this. PHP and other web applications
could exploit this directory on a hosting server
if PHP allows access to this directory.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (990, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-sirius-20051219-0354
Locale: LANG=hu_HU, LC_CTYPE=hu_HU (charmap=ISO-8859-2)
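
Added example, not part of the original report or of debian-installer: a POSIX shell audit that finds directories under a log tree that any local user can write to, such as the /var/log/debian-installer/cdebconf directory named above. The function names and the `audit`/`fix` arguments are made up for this example, and removing the write bit for "other" is an assumed remediation; the report does not prescribe a fix.

```shell
#!/bin/sh
# Added example (hypothetical helper names): audit a log tree for
# directories that every local user can write to, and optionally
# remove that permission.

# Print the path of every world-writable directory under $1.
# -xdev keeps the walk on the filesystem that holds $1 (the partition
# that could be filled); -perm -0002 matches any mode with the
# "other write" bit set, whatever the remaining bits are.
list_world_writable_dirs() {
    find "$1" -xdev -type d -perm -0002 -print
}

# Assumed remediation: clear only the "other write" bit on each
# directory found, leaving owner, group and the remaining mode bits
# untouched. Must run as the directory owner or as root.
fix_world_writable_dirs() {
    find "$1" -xdev -type d -perm -0002 -exec chmod o-w {} +
}

# Usage:  sh audit.sh audit [ROOT]   list offending directories
#         sh audit.sh fix   [ROOT]   remove o+w from them
# ROOT defaults to /var/log. With no argument the script only defines
# the functions and does nothing.
case "${1:-}" in
    audit) list_world_writable_dirs "${2:-/var/log}" ;;
    fix)   fix_world_writable_dirs  "${2:-/var/log}" ;;
esac
```

On a system installed as described in the report, `audit` would be expected to list the cdebconf directory; an empty result means no directory under the tree is writable by all users.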


