Re: programs/scripts using /tmp/*$$
Michael Meskes writes:
> James Troup writes:
> > these programs aren't _usually_ executed as root; however they do
> > allow nasty user -> victim user attacks (of course victim user _could_
> > be root). This apparently lessens the severity of them. So a) any
> > objections to me filing bug reports on these packages to get them
> > fixed? and b) any suggestions as to the severity (Brian suggested
>
> No.
>
> > `important', Giuliano `grave')?
>
> Only the ones where a normal user can do harm to the system should be
> grave. The others should be important IMO. But wait, that means the packages
> will be removed, so better make them normal. :-)
If root can run the script, it can do harm. For example, "bug" (which uses
/tmp/bug.$$) doesn't allow that. All others can and will be used by
uneducated superuser.
Policy:
Any scripts which create files in world-writable directories (e.g., in
/tmp) have to use a mechanism which will fail if a file with the same
name already exists.
The Debian base distribution provides the tempfile and mktemp
utilities for use by scripts for this purpose.
Regarding severity levels, /usr/doc/debian/bug-maint-info.txt states:
The severity levels are:
critical
makes unrelated software on the system (or the whole system)
break, or causes serious data loss, or introduces a security
hole on systems where you install the package.
grave
makes the package in question unuseable or mostly so, or causes
data loss, or introduces a security hole allowing access to the
accounts of users who use the package.
"grave" is not enough (except for the "bug" case), severity must be
"critical".
-Topi
--
E-mail the word "unsubscribe" to debian-devel-request@lists.debian.org
TO UNSUBSCRIBE FROM THIS MAILING LIST. Trouble? E-mail to listmaster@lists.debian.org
Reply to: