
Re: Bug#79620: dpkg-source must handle file permissions



>>>>> "Wichert" == Wichert Akkerman <wichert@valinux.com> writes:

    Wichert> Previously J.A. Bezemer wrote:
    >> Investigate makepatch/applypatch from
    >> ftp://download.xs4all.nl/pub/mirror/CPAN/authors/Johan_Vromans/
    >> You can at least apply such a patch with the "standard tools"
    >> sh and patch, and making them with only sh and diff should be
    >> possible too.

    Wichert> Unpacking should *never* rely on executing sh code that
    Wichert> is part of the source package, that makes unpacking a
    Wichert> possible security risk.

Unpacking is already a huge security risk. As a simplistic example,
unpacking the following package could have serious consequences
especially if done by root:

[682] [snoopy:bam] ~/dangerous >tar -tzvf dangerous_0.0.tar.gz          
drwxr-xr-x bam/users         0 2000-12-15 17:06:21 dangerous-0.0/
lrwxrwxrwx bam/users         0 2000-12-15 17:06:21 dangerous-0.0/etc -> /etc
-rw-r--r-- bam/users       465 2000-12-15 17:06:21 dangerous-0.0/etc/nsswitch.conf
-rw-r--r-- bam/users      2568 2000-12-15 17:06:21 dangerous-0.0/etc/passwd
-rw-r--r-- bam/users        25 2000-12-15 17:06:21 dangerous-0.0/etc/shadow

(yes - this is easy to tell just by looking at the listing, but as the
number of files increases, manually checking will become harder).

As an example of unpacking as non-root (to prove that it really is
dangerous):

[680] [snoopy:bam] ~/dangerous >ls -l dangerous-0.0 
ls: dangerous-0.0: No such file or directory
[681] [snoopy:bam] ~/dangerous >dpkg-source -x dangerous_0.0.dsc
dpkg-source: extracting dangerous in dangerous-0.0
dpkg-source: failure: tar -xkf - gave error exit status 2
[682] [snoopy:bam] ~/dangerous >tar: dangerous-0.0/etc/nsswitch.conf: Cannot open: File exists
tar: dangerous-0.0/etc/passwd: Cannot open: File exists
tar: dangerous-0.0/etc/shadow: Cannot open: File exists
tar: Error exit delayed from previous errors

From these errors it may not be obvious that tar is attempting to
replace /etc/nsswitch.conf, /etc/passwd, /etc/shadow, from files given
in the archive (because of the symlink).

I tried to find options for tar to make this safe (i.e. by not
extracting symlinks), but couldn't find any.
-- 
Brian May <bam@debian.org>
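
A pre-extraction check for the archive layout shown in the message above, as an added example that is not part of the original post or of dpkg-source. It reads the member list without extracting anything and flags entries whose path passes through a link created earlier in the same archive; the sample archive is constructed in memory to mirror the listing, and the function names are illustrative.

```python
import io
import posixpath
import tarfile


def build_sample_archive() -> bytes:
    """Constructed sample mirroring the listing: a symlink, then files under it."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        top = tarfile.TarInfo("dangerous-0.0/")
        top.type = tarfile.DIRTYPE
        tar.addfile(top)
        link = tarfile.TarInfo("dangerous-0.0/etc")
        link.type = tarfile.SYMTYPE
        link.linkname = "/etc"
        tar.addfile(link)
        for name in ("nsswitch.conf", "passwd", "shadow"):
            data = b"constructed\n"
            entry = tarfile.TarInfo("dangerous-0.0/etc/" + name)
            entry.size = len(data)
            tar.addfile(entry, io.BytesIO(data))
        tar.addfile(tarfile.TarInfo("dangerous-0.0/README"))  # harmless, empty
    return buf.getvalue()


def audit_tar(blob: bytes) -> list:
    """Return (member, reason) for entries that would land outside the tree."""
    findings = []
    links = set()  # normalised paths of link members seen so far
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as tar:
        for member in tar:
            path = posixpath.normpath(member.name)
            parts = path.split("/")
            if path.startswith("/") or ".." in parts:
                findings.append((member.name, "absolute or parent-relative path"))
                continue
            # A leading component that an earlier member created as a link
            # redirects this write to wherever that link points.
            for i in range(1, len(parts)):
                prefix = "/".join(parts[:i])
                if prefix in links:
                    findings.append((member.name, "written through link " + prefix))
                    break
            if member.issym() or member.islnk():
                links.add(path)
    return findings


if __name__ == "__main__":
    for name, reason in audit_tar(build_sample_archive()):
        print(name + ": " + reason)
```
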


