
Re: Bug#495705: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages



"Dmitry E. Oboukhov" <unera@debian.org> writes:

> Package: lintian
> Tags: patch, security
> Severity: wishlist
>
> Hello, lintian maintainers!
> please, see full discussion in -devel:
>     http://lists.debian.org/debian-devel/2008/08/msg00271.html
> for example, see the bug
> 	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494648
> 	(if attacker makes symlink from /tmp/twiki to /etc/shadow, then
> 	 he takes full access to the system (when twiki installs or
> 	 upgrades))
>
> I wrote the check script for the lintian package. This additional check
> verifies the debian packages for the presence of the discussed bug.

Lintian already checks for this.  If the current check is not sufficient
(which is certainly believable), it should be improved, rather than adding
a new, separate check.  See
possibly-insecure-handling-of-tmp-files-in-maintainer-script.

This, like various other checks, should be extended to more than just
maintainer scripts, which requires some additional infrastructure work on
the lintian script checking.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
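
A simplified heuristic of the kind discussed in this thread, as an added example that is not part of the original message and is not lintian's own code: it flags hard-coded paths under /tmp or /var/tmp in a maintainer script unless the line creates the name with mktemp or tempfile. The sample postinst is constructed for illustration; only the /tmp/twiki path comes from the bug cited above.

```python
import re

# A literal path under /tmp or /var/tmp. The lookbehind avoids matching
# the tail of a longer path such as /usr/share/tmp/x.
TMP_PATH = re.compile(r"(?<![\w$}])/(?:var/)?tmp/[\w.${}-]+")
# A line that creates its temporary name with one of these is not flagged.
SAFE_CREATORS = re.compile(r"\b(?:mktemp|tempfile)\b")
# Whole-line and trailing shell comments (heuristic, not a shell parser).
COMMENT = re.compile(r"(^|\s)#.*$")

# Constructed sample maintainer script (assumption, not from a real package).
SAMPLE_POSTINST = """\
#!/bin/sh
set -e
# old approach wrote to /tmp/twiki directly
cp /etc/example/app.cfg /tmp/twiki
echo "upgraded" >> /var/tmp/pkg-upgrade.log
WORK=$(mktemp -d /tmp/twiki.XXXXXX)
cp /etc/example/app.cfg "$WORK/cfg"
"""


def find_insecure_tmp_use(script_text):
    """Return (line_number, path) for each predictable temp path used."""
    findings = []
    for number, raw in enumerate(script_text.splitlines(), start=1):
        line = COMMENT.sub("", raw)
        if SAFE_CREATORS.search(line):
            # Name is generated atomically by mktemp/tempfile on this line.
            continue
        match = TMP_PATH.search(line)
        if match:
            findings.append((number, match.group(0)))
    return findings


if __name__ == "__main__":
    for number, path in find_insecure_tmp_use(SAMPLE_POSTINST):
        print(f"line {number}: predictable temporary path {path}")
```

A line-based match like this cannot follow a path held in a variable, so it only catches the literal case.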

