[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages

The script in attach looks through a mirror of a specified distributive
and makes a search of '>\s*/tmp/' and 'tee [^|]*/tmp/' constructions.

It finds less errors then I've found earlier however the results of its
work are more accurate.

The script looks through all the files of packages marked as executable.
That is even if the script is in /usr/share/doc and is marked as
executable it will be tested nevertheless.

The full viewing of a mirror takes a few hours.
Later I shall publish the reports on lenny (already attached) and etch.
:)

attaches: 
    report of lenny: http://uvw.ru/report.lenny.txt
    script: http://uvw.ru/find_the_bug2.sh

Somebody may rewrite 'check' section of script ;)

short report of lenny:

Package: aegis
Version: 4.24-3
	 /usr/share/doc/aegis/examples/remind/bng_dvlpd.sh
	 /usr/share/doc/aegis/examples/remind/bng_rvwd.sh
	 /usr/share/doc/aegis/examples/remind/awt_dvlp.sh
	 /usr/share/doc/aegis/examples/remind/awt_intgrtn.sh

Package: aegis-web
Version: 4.24-3
	 /usr/lib/cgi-bin/aegis.cgi

Package: ampache
Version: 3.4.1-1
	 /usr/share/ampache/www/locale/base/gather-messages.sh

Package: apertium
Version: 3.0.7+1-1+b1
	 /usr/bin/apertium-gen-deformat
	 /usr/bin/apertium-gen-reformat
	 /usr/bin/apertium

Package: aptoncd
Version: 0.1-1.1
	 /usr/share/aptoncd/xmlfile.py

Package: ara-byte
Version: 1.0.25
	 /usr/bin/ara

Package: arb-common
Version: 0.0.20071207.1-4
	 /usr/lib/arb/SH/arb_fastdnaml
	 /usr/lib/arb/SH/dszmconnect.pl

Package: audiolink
Version: 0.05-1
	 /usr/bin/audiolink

Package: aview
Version: 1.3.0rc1-8
	 /usr/bin/asciiview

Package: bacula-common
Version: 2.4.2-1
	 /usr/share/doc/bacula-common/examples/autochangers/mtx-changer.Adic-Scala=
r-24

Package: bash-doc
Version: 3.2-4
	 /usr/share/doc/bash/examples/misc/aliasconv.sh
	 /usr/share/doc/bash/examples/misc/aliasconv.bash
	 /usr/share/doc/bash/examples/misc/cshtobash

Package: bk2site
Version: 1:1.1.9-3.1
	 /usr/lib/cgi-bin/bk2site/redirect.pl

Package: bulmages-servers
Version: 0.11.1-2
	 /usr/share/bulmages/examples/scripts/actualizabulmacont
	 /usr/share/bulmages/examples/scripts/installbulmages-db
	 /usr/share/bulmages/examples/scripts/creabulmafact
	 /usr/share/bulmages/examples/scripts/creabulmacont
	 /usr/share/bulmages/examples/scripts/actualizabulmafact

Package: caudium
Version: 3:1.4.12-11
	 /usr/share/caudium/configvar

Package: cdcontrol
Version: 1.90-1.1
	 /usr/lib/cdcontrol/writtercontrol

Package: cdrw-taper
Version: 0.4-2
	 /usr/sbin/amlabel-cdrw

Package: citadel-server
Version: 7.37-1
	 /usr/lib/citadel-server/migrate_aliases.sh

Package: cman
Version: 2.20080629-1
	 /usr/sbin/fence_egenera

Package: cmus
Version: 2.2.0-1+b1
	 /usr/share/doc/cmus/examples/cmus-status-display

Package: convirt
Version: 0.8.2-3
	 /usr/share/convirt/image_store/_template_/provision.sh
	 /usr/share/convirt/image_store/Linux_CD_Install/provision.sh
	 /usr/share/convirt/image_store/Fedora_PV_Install/provision.sh
	 /usr/share/convirt/image_store/CentOS_PV_Install/provision.sh
	 /usr/share/convirt/image_store/common/provision.sh
	 /usr/share/convirt/image_store/example/provision.sh
	 /usr/share/convirt/image_store/Windows_CD_Install/provision.sh

Package: crossfire-maps
Version: 1.11.0-1
	 /usr/share/games/crossfire/maps/Info/combine.pl

Package: ctn
Version: 3.0.6-12
	 /usr/share/doc/ctn/examples/add-accession-numbers

Package: cups
Version: 1.3.7-9
	 /usr/share/doc/cups/examples/pstopdf

Package: datafreedom-perl
Version: 0.1.7-1
	 /usr/bin/dfxml-invoice

Package: decompyle
Version: 2.3.2-4+b1
	 /usr/bin/decompyle

Package: dhis-server
Version: 5.3-1
	 /usr/lib/dhis-server/dhis-dummy-log-engine

Package: digitaldj
Version: 0.7.5-6+b1
	 /usr/share/digitaldj/fest.pl

Package: dist
Version: 1:3.5-17-1
	 /usr/bin/patcil
	 /usr/bin/patdiff

Package: docvert
Version: 3.4-4
	 /usr/share/docvert/core/lib/pyodconverter/test-pipe-to-pyodconverter.org.=
sh

Package: dpkg-cross
Version: 2.3.0
	 /usr/share/dpkg-cross/bin/gccross

Package: dtc-common
Version: 0.29.6-1
	 /usr/share/dtc/admin/accesslog.php
	 /usr/share/dtc/admin/sa-wrapper

Package: emacs-jabber
Version: 0.7.91-1
	 /usr/lib/emacsen-common/packages/install/emacs-jabber

Package: emacspeak
Version: 26.0-3
	 /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl

Package: feta
Version: 1.4.16
	 /usr/share/feta/plugins/to-upgrade

Package: firehol
Version: 1.256-4
	 /sbin/firehol

Package: fml
Version: 4.0.3.dfsg-2
	 /usr/share/fml/libexec/mead.pl

Package: freeradius-dialupadmin
Version: 2.0.4+dfsg-4
	 /usr/share/freeradius-dialupadmin/bin/backup_radacct
	 /usr/share/freeradius-dialupadmin/bin/clean_radacct
	 /usr/share/freeradius-dialupadmin/bin/monthly_tot_stats
	 /usr/share/freeradius-dialupadmin/bin/tot_stats
	 /usr/share/freeradius-dialupadmin/bin/truncate_radacct

Package: freevo
Version: 1.8.1-0
	 /usr/bin/freevo.real

Package: fwbuilder
Version: 2.1.19-3
	 /usr/bin/fwb_install

Package: gccxml
Version: 0.9.0+cvs20080525-1
	 /usr/share/gccxml-0.9/MIPSpro/find_flags

Package: gdrae
Version: 0.1-1
	 /usr/bin/gdrae

Package: geda-gnetlist
Version: 1:1.4.0-2
	 /usr/share/doc/geda-gnetlist/examples/scripts/sch2eaglepos.sh

Package: gpsdrive-scripts
Version: 2.10~pre4-3
	 /usr/bin/geo-code

Package: honeyd-common
Version: 1.5c-3
	 /usr/share/honeyd/scripts/test.sh

Package: ibackup
Version: 2.27-4.1
	 /usr/bin/ibackup

Package: impose+
Version: 0.2-11
	 /usr/bin/impose

Package: initramfs-tools
Version: 0.92e
	 /usr/share/initramfs-tools/init

Package: konwert-filters
Version: 1.8-11.1
	 /usr/share/konwert/filters/any-UTF8

Package: lazarus-src
Version: 0.9.24-0-9
	 /usr/lib/lazarus/tools/install/create_lazarus_export_tgz.sh

Package: libncbi6
Version: 6.1.20080302-3
	 /usr/share/doc/libncbi6/examples/fwd_check.sh

Package: liguidsoap
Version: 0.3.6-4
	 /var/lib/liguidsoap/liguidsoap.py

Package: linux-patch-openswan
Version: 1:2.4.12+dfsg-1.1
	 /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap
	 /usr/src/kernel-patches/all/openswan/packaging/utils/maytest

Package: linuxtrade
Version: 3.65-8+b4
	 /usr/share/linuxtrade/bin/linuxtrade.bwkvol
	 /usr/share/linuxtrade/bin/linuxtrade.wn
	 /usr/share/linuxtrade/bin/moneyam.helper

Package: lire
Version: 2:2.0.3-1
	 /usr/share/lire/lib/lire/convertors/postfix2dlf_pre
	 /usr/share/lire/lib/lire/convertors/ms_isa2dlf

Package: lmbench
Version: 3.0-a7-1
	 /usr/lib/lmbench/scripts/rccs
	 /usr/lib/lmbench/scripts/STUFF

Package: lustre-tests
Version: 1.6.5-1
	 /usr/lib/lustre/tests/runiozone

Package: mafft
Version: 6.240-1
	 /usr/bin/mafft-homologs

Package: maildirsync
Version: 1.1-2
	 /usr/share/doc/maildirsync/examples/sample.sh

Package: mayavi
Version: 1.5-5
	 /usr/share/python-support/mayavi/vtkPipeline/test_parser.py

Package: mgetty-fax
Version: 1.1.36-1.2
	 /usr/bin/faxspool

Package: mgt
Version: 2.31-5
	 /usr/games/mailgo

Package: mh-book
Version: 200605-1
	 /usr/share/doc/mh-book/examples/mh/bin/inmail-show

Package: mon
Version: 0.99.2-12
	 /usr/lib/mon/alert.d/test.alert

Package: myspell-tools
Version: 1:3.1-20
	 /usr/bin/i2myspell

Package: netmrg
Version: 0.20-1
	 /usr/bin/rrdedit

Package: newsgate
Version: 1.6-23
	 /usr/bin/mkmailpost

Package: ocsinventory-agent
Version: 1:0.0.9.2repack1-2
	 /usr/bin/ocsinventory-agent

Package: ogle
Version: 0.9.2-5.1
	 /usr/lib/ogle/ogle_gui_debug
	 /usr/lib/ogle/ogle_mpeg_ps_debug
	 /usr/lib/ogle/ogle_ctrl_debug
	 /usr/lib/ogle/ogle_vout_debug
	 /usr/lib/ogle/ogle_cli_debug
	 /usr/lib/ogle/ogle_audio_debug
	 /usr/lib/ogle/ogle_mpeg_vs_debug
	 /usr/lib/ogle/ogle_nav_debug

Package: ogle-mmx
Version: 0.9.2-5.1
	 /usr/lib/ogle/ogle_gui_debug
	 /usr/lib/ogle/ogle_mpeg_ps_debug
	 /usr/lib/ogle/ogle_ctrl_debug
	 /usr/lib/ogle/ogle_vout_debug
	 /usr/lib/ogle/ogle_cli_debug
	 /usr/lib/ogle/ogle_audio_debug
	 /usr/lib/ogle/ogle_mpeg_vs_debug
	 /usr/lib/ogle/ogle_nav_debug

Package: openoffice.org-common
Version: 1:2.4.1-6
	 /usr/lib/openoffice/program/senddoc

Package: openswan
Version: 1:2.4.12+dfsg-1.1
	 /usr/lib/ipsec/livetest

Package: p3nfs
Version: 5.19-1.1
	 /usr/share/doc/p3nfs/examples/bluetooth.rc

Package: plait
Version: 1.5.2-1
	 /usr/bin/plaiter
	 /usr/bin/plait

Package: postfix
Version: 2.5.2-2
	 /usr/lib/postfix_groups.pl

Package: printfilters-ppd
Version: 2.13-9
	 /usr/lib/printfilters/master-filter

Package: qemu
Version: 0.9.1-5
	 /usr/sbin/qemu-make-debian-root

Package: radiance
Version: 3R9+20080530-3
	 /usr/bin/optics2rad
	 /usr/bin/pdelta
	 /usr/bin/dayfact
	 /usr/bin/raddepend

Package: rancid-util
Version: 2.3.2~a8-1
	 /var/lib/rancid/getipacctg

Package: r-base-core
Version: 2.7.1-1
	 /usr/lib/R/bin/javareconf
	 /usr/lib/R/bin/javareconf.orig

Package: r-base-core-ra
Version: 1.1.1-1
	 /usr/lib/Ra/lib/R/bin/javareconf

Package: rccp
Version: 0.9-2
	 /usr/lib/rccp/delqueueask

Package: realtimebattle-common
Version: 1.0.8-7
	 /usr/lib/realtimebattle/Robots/perl.robot

Package: rkhunter
Version: 1.3.2-3
	 /usr/bin/rkhunter

Package: scilab-bin
Version: 4.1.2-5
	 /usr/lib/scilab-4.1.2/bin/scilink
	 /usr/lib/scilab-4.1.2/util/scidoc
	 /usr/lib/scilab-4.1.2/util/scidem

Package: scratchbox2
Version: 1.99.0.24-1
	 /usr/share/scratchbox2/scripts/dpkg-checkbuilddeps
	 /usr/share/scratchbox2/scripts/sb2-check-pkg-mappings

Package: sendmail-base
Version: 8.14.3-5
	 /usr/sbin/checksendmail
	 /usr/bin/expn

Package: sgml2x
Version: 1.0.0-11.1
	 /usr/bin/rlatex

Package: smsclient
Version: 2.0.8z-10
	 /usr/share/doc/smsclient/examples/contrib/mail2sms-shell/mail2sms.sh

Package: sng
Version: 1.0.2-5
	 /usr/bin/sng_regress

Package: socat
Version: 1.6.0.1-1
	 /usr/share/doc/socat/examples/readline.sh

Package: sympa
Version: 5.3.4-5
	 /usr/lib/cgi-bin/sympa/wwsympa.fcgi
	 /usr/lib/sympa/bin/sympa.pl

Package: tiger
Version: 1:3.2.2-3.1
	 /usr/lib/tiger/util/genmsgidx

Package: vdr-dbg
Version: 1.6.0-5
	 /usr/bin/vdrleaktest

Package: wims
Version: 3.62-13
	 /var/lib/wims/public_html/bin/coqweb
	 /var/lib/wims/bin/account.sh

Package: xara-gtk-byte
Version: 1.0.25
	 /usr/bin/xara

Package: xastir
Version: 1.9.2-1
	 /usr/lib/xastir/get-maptools.sh
	 /usr/lib/xastir/get_shapelib.sh

Package: xcal
Version: 4.1-18.3
	 /usr/bin/pscal

Package: xdialog
Version: 2.3.1-2
	 /usr/share/doc/xdialog/examples/checklist
	 /usr/share/doc/xdialog/examples/editbox
	 /usr/share/doc/xdialog/examples/inputbox
	 /usr/share/doc/xdialog/examples/install-wrapper
	 /usr/share/doc/xdialog/examples/kernel
	 /usr/share/doc/xdialog/examples/menubox
	 /usr/share/doc/xdialog/examples/radiolist
	 /usr/share/doc/xdialog/examples/set-time
	 /usr/share/doc/xdialog/examples/textbox

Package: xen-utils-3.2-1
Version: 3.2.1-2
	 /usr/lib/xen-3.2-1/bin/qemu-dm.debug

Package: xmcd
Version: 2.6-19.3
	 /usr/share/xmcd/scripts/ncsarmt
	 /usr/share/xmcd/scripts/ncsawrap
--
... mpd playing: U.D.O. - Holy

. ''`. Dmitry E. Oboukhov
: :’  : unera@debian.org
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537

Attachment: signature.asc
Description: Digital signature

Reply to: