Re: Bug#79620: dpkg-source must handle file permissions

To: debian-devel@lists.debian.org
Subject: Re: Bug#79620: dpkg-source must handle file permissions
From: Colin Phipps <cph@netcraft.com>
Date: Fri, 15 Dec 2000 11:04:30 +0000
Message-id: <[🔎] 20001215110430.B23446@ns0.netcraft.com>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 200012151049.eBFAn9504199@gondor.apana.org.au>; from herbert@gondor.apana.org.au on Fri, Dec 15, 2000 at 09:49:09PM +1100
References: <[🔎] 20001215003355.A27078@cistron.nl> <[🔎] 200012151049.eBFAn9504199@gondor.apana.org.au>

On Fri, Dec 15, 2000 at 09:49:09PM +1100, Herbert Xu wrote:
> Brian May <bam@debian.org> wrote:
> >
> > Unpacking is already a huge security risk. As a simplistic example,
> > unpacking the following package could have serious consequences
> > especially if done by root:
> 
> > [682] [snoopy:bam] ~/dangerous >tar -tzvf dangerous_0.0.tar.gz          
> > drwxr-xr-x bam/users         0 2000-12-15 17:06:21 dangerous-0.0/
> > lrwxrwxrwx bam/users         0 2000-12-15 17:06:21 dangerous-0.0/etc -> /etc
> > -rw-r--r-- bam/users       465 2000-12-15 17:06:21 dangerous-0.0/etc/nsswitch.conf
> > -rw-r--r-- bam/users      2568 2000-12-15 17:06:21 dangerous-0.0/etc/passwd
> > -rw-r--r-- bam/users        25 2000-12-15 17:06:21 dangerous-0.0/etc/shadow
> 
> Try --keep-old-files

Try /etc/nologin, /etc/cron.daily/mailmetherootpassword

-- 
Colin Phipps                            http://www.cph.demon.co.uk/

Reply to:

References:
- Re: Bug#79620: dpkg-source must handle file permissions
  - From: Wichert Akkerman <wichert@cistron.nl>
- Re: Bug#79620: dpkg-source must handle file permissions
  - From: Herbert Xu <herbert@gondor.apana.org.au>

Prev by Date: Racing condition in Sawfish 0.33.1
Next by Date: Re: [OT] Word-of-the-Day: Debian (fwd)
Previous by thread: Re: Bug#79620: dpkg-source must handle file permissions
Next by thread: Re: Bug#79620: dpkg-source must handle file permissions
Index(es):
- Date
- Thread