Bug#496410: The possibility of attack with the help of symlinks in some Debian packages
On Mon, Aug 25, 2008 at 10:40:31AM +0400, Dmitry E. Oboukhov wrote:
> On 13:15 Sun 24 Aug, Steve Langasek wrote:
> SL> severity 496410 important
> SL> thanks
> You are mistaken :)
> Your script is placed in /usr/sbin, i.e. it runs with root privs.
> If I create a symlink /etc/shadow -> /tmp/eglog and you start this script,
> then your system will be damaged.
The standard for grave-severity security bugs in Debian is "can be used by
an attacker to gain control of an account of a user who uses this package",
not "can be used by an attacker to create a Denial of Service by breaking
the system". Writing this garbage to /etc/shadow will not result in
privilege escalation, it will only result in a broken system; therefore, it
is my understanding that this is not a grave bug.
So I don't think I've made a mistake here.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek@ubuntu.com vorlon@debian.org
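The symlink attack the two messages argue about, as an added example that is not part of the bug report or of any Debian package: a privileged script writes to a fixed name in a world-writable directory, an unprivileged user plants a symlink there first, and the write lands on whatever the link points at. The hardened form uses mktemp so the file is created with O_EXCL under an unpredictable name and a planted link is never followed. Everything lives in a scratch directory created with mktemp -d that stands in for /tmp and /etc; the name eglog is taken from the quoted message, and the file "target" with a fake passwd-style line is a placeholder for /etc/shadow, so nothing on the real system is touched.

```shell
#!/bin/sh
# Added example; not code from the bug report or from the package in question.
# The sandbox below stands in for /tmp and /etc so the real system is untouched.

SANDBOX=$(mktemp -d)
FAKE_TMP="$SANDBOX/tmp"
FAKE_ETC="$SANDBOX/etc"
mkdir -p "$FAKE_TMP" "$FAKE_ETC"
trap 'rm -rf "$SANDBOX"' EXIT

# Placeholder for /etc/shadow: a single recognisable line we can check later.
reset_target() {
    printf 'root:x:0:0:root:/root:/bin/sh\n' > "$FAKE_ETC/target"
}

# Vulnerable pattern: a root-run script logs to a fixed, predictable name
# in a world-writable directory.  The shell's ">" follows symlinks, so if
# $FAKE_TMP/eglog is a link the write truncates and overwrites its target.
vulnerable_log() {
    logfile="$FAKE_TMP/eglog"
    echo "script output" > "$logfile"
}

# Hardened pattern: mktemp creates a brand-new file (O_CREAT|O_EXCL, mode 0600)
# under a random suffix, so a link planted at a guessed name is irrelevant.
# Prints the path it actually wrote to.
hardened_log() {
    logfile=$(mktemp "$FAKE_TMP/eglog.XXXXXX") || return 1
    echo "script output" > "$logfile"
    echo "$logfile"
}

# Attacker step (unprivileged): plant a symlink at the name the privileged
# script is known to write to, pointing at a file the attacker cannot write.
attacker_plant() {
    ln -sf "$FAKE_ETC/target" "$FAKE_TMP/eglog"
}

# Returns 0 if the protected file no longer holds its original line
# (i.e. it was clobbered through the link), 1 if it is intact.
target_clobbered() {
    if grep -q '^root:x:0:0' "$FAKE_ETC/target"; then
        return 1
    fi
    return 0
}

# Stand-alone run: show the vulnerable write destroying the target and the
# hardened write leaving it alone.
reset_target
attacker_plant
vulnerable_log
if target_clobbered; then
    echo "vulnerable: target overwritten via $FAKE_TMP/eglog"
fi
reset_target
attacker_plant
written=$(hardened_log)
if target_clobbered; then
    echo "hardened: unexpected damage"
else
    echo "hardened: wrote to $written, target intact"
fi
```

Two caveats worth knowing before reproducing this outside the sandbox. First, on Linux with fs.protected_symlinks=1 (the default since kernel 3.6 in most distributions) a symlink in a sticky, world-writable directory such as the real /tmp is not followed when the link owner differs from the directory owner and the caller, so the exact scenario in the bug is blocked there by the kernel; the sandbox directory is neither sticky nor foreign-owned, which is why the demo still works. Second, the demo illustrates exactly what both parties describe: the attacker chooses the destination but not the content, so the result is a destroyed file rather than a privilege gain, which is the distinction the severity discussion turns on.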