[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#606543: clamav-freshclam: affected by privilege escalation vulnerability in logrotate

On Fri, Dec 10, 2010 at 9:43 AM, Michael Tautschnig <mt@debian.org> wrote:
>> These lines from this package's maintainer scripts suggest that it likely
>> is affected by the vulnerability:
>> ---------------------------------------------------------------------------
>> chown "$dbowner":adm $FRESHCLAMLOGFILE
>> ---------------------------------------------------------------------------
> What is wrong about these two lines? And even from ...

It suggests the daemon itself creates the file. Copytruncate suggests
logrotate also creates the file.
Logrotate runs as root, so if the attacker (running as daemon user)
creates the symlink, logrotate might overwrite an arbitrary file (I


Reply to: