Re: File handling races in bzip2, bzip2recover

To: debian-devel@lists.debian.org
Cc: 56386@bugs.debian.org
Subject: Re: File handling races in bzip2, bzip2recover
From: Michael Stone <mstone@debian.org>
Date: Sat, 29 Jan 2000 10:17:38 -0500
Message-id: <[🔎] 20000129101738.R25528@justice.loyola.edu>
Mail-followup-to: debian-devel@lists.debian.org, 56386@bugs.debian.org

> 1) The file is opened after the test, in such a way that if a file is
> placed there between the test and the fopen, the file is silently
> overwritten.  Or a symlink could be placed there by a malicious user
> and then bzip2 would overwrite the file pointed at.  

So what? Are we going to audit every binary in the distribution for race
conditions? bzip isn't setuid and doesn't run with elevated permissions
by default. It would be nice to fix this, but I do not think it's
release critical.

> 2) (minor) The output file is initially opened with weak permissions,
> then chmod'ed. Again a race, where an attacker could access the file
> between creation and chmod.

I'm ambivalent about this one. On one hand, the user might not be aware
that the permissions on the final output were not preserved throughout
the process. On the other hand, the user's umask should be set
appropriately so that this doesn't matter.

In short, I think this is yet another case of bug severity inflation.
Please, people, remember that some bugs are not release critical.

-- 
Mike Stone

Reply to:

Prev by Date: Re: Scary bugs
Next by Date: Re: KDE: a plan how to solve that (No.2)
Previous by thread: ITP: xzgv
Next by thread: Why no package seems to take care of the new /dev/console device?
Index(es):
- Date
- Thread