Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages
On Mon, 11 Aug 2008 10:57:56 +0400, Dmitry E. Oboukhov wrote:
> Package: mplayer nws ppp twiki
> Severity: grave
> Tags: security
>
> This message about the error concerns a few packages at once. I've
> tested all the packages on my Debian mirror. (post|pre)(inst|rm) and
> config scripts were tested.
>
> In some packages I've discovered scripts with errors which may be used
> by a user for damaging important system files.
>
> For example, if a script uses in its work a temp file which is created
> in the /tmp directory, then every user can create a symlink with the same
> name in this directory in order to destroy or rewrite some system
> file.

A while ago, the use of libpam-tmpdir was suggested in order to mitigate
some of these attacks. It would be nice to see it in use by default, some
day.

Obviously there will always be some programs that don't look at the
TMPDIR environment variable and directly use /tmp. Isn't there some fancy
thing in current kernels that allows /tmp to be mounted individually for
each user?

--
Sam Morris
http://robots.org.uk/
PGP key id 1024D/5EA01078
3412 EA18 1277 354B 991B C869 B219 7FDB 5EA0 1078
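
The temp-file problem described in the quoted report, next to the usual mktemp fix, as an added example (not part of either message and not taken from any of the named packages). The names `pkg-update.tmp` and `victim.conf` are constructed, and everything runs inside a private sandbox directory that stands in for /tmp.

```shell
#!/bin/sh
# Added example; all file names are constructed for illustration.

# Unsafe pattern: a fixed, predictable name in a shared directory.
# A plain redirection follows a symlink that is already sitting there.
write_predictable() {
    shared=$1
    echo "package scratch data" > "$shared/pkg-update.tmp"
}

# Hardened pattern: mktemp picks an unpredictable name and creates the
# file exclusively, so a name planted in advance is never opened.
# A real maintainer script would pass "${TMPDIR:-/tmp}" here, which is
# what lets libpam-tmpdir redirect it to a per-user directory.
write_mktemp() {
    shared=$1
    tmp=$(mktemp "$shared/pkg-update.XXXXXX") || return 1
    echo "package scratch data" > "$tmp"
    rm -f "$tmp"
}

# Runs one writer against a sandbox where another local user has
# already placed a symlink under the predictable name.
# Prints "clobbered" or "intact" depending on what happened to the target.
demo() {
    writer=$1
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/shared"
    echo "important" > "$sandbox/victim.conf"
    ln -s "$sandbox/victim.conf" "$sandbox/shared/pkg-update.tmp"
    "$writer" "$sandbox/shared"
    if [ "$(cat "$sandbox/victim.conf")" = "important" ]; then
        result=intact
    else
        result=clobbered
    fi
    rm -rf "$sandbox"
    echo "$result"
}

demo write_predictable
demo write_mktemp
```
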