
Bug#286379: Lintian insecure removal bug (#286379)



Jeroen van Wolffelaar wrote:
> clone 286379 -1
> # why isn't there a BTS tag for 'disputed' or something??
> retitle 286379 [lib/Lab] Lintian lab created unsafely, disputed
> retitle -1 [CAN-2004-1000] [lib/Lab] Insecurely removes files after lab failed to be created
> tags -1 confirmed woody sarge sid
> severity -1 grave
> thanks
> 
> On Tue, Dec 21, 2004 at 05:39:29AM +0100, Martin Schulze wrote:
> > Ah.  Then I did not understand you indeed.  I'd be glad for a fixed
> > package sent to the security team.
> 
> Ok, since you confirm this is a security issue, cloned and severity set
> to grave.
> 
> The originally reported issue is still under discussion, feel free to
> give your opinion there if you wish.

I haven't verified that this code is executed for each lintian execution.
However, if it is, then it's an issue since the process does not fail if
mkdir fails, instead the directory is used.

Regards,

	Joey

-- 
The only stupid question is the unasked one.

Please always Cc to me when replying to me on the lists.
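
The failure mode named in the message above (mkdir fails, the directory is used anyway), shown next to a fail-closed variant. This is an added example, not part of the original e-mail and not lintian's code; the function names and paths are hypothetical, and the "planted" directory is constructed inside a private temporary directory.

```python
import os
import stat
import tempfile


def create_lab_unchecked(path):
    """Pattern from the message: mkdir's failure is ignored, the path is used."""
    try:
        os.mkdir(path, 0o700)
    except OSError:
        pass  # error swallowed: whatever already sits at `path` is accepted
    return path


def create_lab_checked(path):
    """Fail closed: only ever use a directory that this call created."""
    # mkdir is atomic and raises FileExistsError when anything, including a
    # symlink, already occupies the name, so nothing pre-planted is followed.
    os.mkdir(path, 0o700)
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode) or st.st_uid != os.geteuid():
        raise RuntimeError(f"{path}: not a directory owned by this user")
    return path


def demo():
    """Constructed scenario: the lab name is already taken before we run."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        planted = os.path.join(base, "lab")
        os.mkdir(planted, 0o777)  # stands in for a directory made by another user
        link = os.path.join(base, "lab-link")
        os.symlink(planted, link)  # a name that redirects somewhere else
        fresh = os.path.join(base, "lab-fresh")
        results["unchecked_accepts_planted"] = create_lab_unchecked(planted) == planted
        for name, path in (("planted", planted), ("symlink", link), ("fresh", fresh)):
            try:
                create_lab_checked(path)
                results[name] = "created"
            except FileExistsError:
                results[name] = "refused"
    return results


if __name__ == "__main__":
    print(demo())
```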


