[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages

On Mon, 11 Aug 2008 10:57:56 +0400, Dmitry E. Oboukhov wrote:

> Package: mplayer nws ppp twiki
> Severity: grave
> Tags: security
> This message about the error concerns a few packages  at  once.   I've
> tested all the packages on my Debian mirror.  (post|pre)(inst|rm)  and
> config scripts were tested.
> In some packages I've discovered scripts with errors which may be used
> by a user for damaging important system files.
> For example if a script uses in its work a temp file which is  created
> in /tmp directory, then every user can create symlink  with  the  same
> name in this directory in order to  destroy  or  rewrite  some	
> file.

A while ago, the use of libpam-tmpdir was suggested in order to mitigate 
some of these attacks. It would be nice to see it in use by default, some 

Obviously there will always be some programs that don't look at the 
TMPDIR environment variable and directly use /tmp. Isn't there some fancy 
thing in current kernels that allows /tmp to be mounted individually for 
each user?

Sam Morris
PGP key id 1024D/5EA01078
3412 EA18 1277 354B 991B  C869 B219 7FDB 5EA0 1078

Reply to: