
Bug#857740: live-build: /etc/resolv.conf has unsafe permissions when copied from config/includes.chroot



Package: live-build
Severity: normal
Version: 1:20170213
Tags: security
User: tails-dev@boum.org
Usertags: misc-reported

Hi!

when the config/includes.chroot/etc/resolv.conf file exists in the
source tree, it is copied into the rootfs with "cp -a". So for
example, if I've cloned a lb config source tree using Git as my user,
the resulting live system has a /etc/resolv.conf owned by 1000:1000,
and thus writable by the default live user. Depending on the exact
context in which the live system is used, the security impact can be
non-existent or rather severe.

Disclaimer: I've only verified this behavior on Tails' patched
live-build 2.x. Sorry! But the affected code looks very much the same
on the current master branch.

Cheers,
-- 
intrigeri
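
A check for the condition reported above, as an added example that is not part of the original report or of live-build: it flags every path present under config/includes.chroot whose copy in the built tree is not owned by the expected uid:gid (0:0 by default). The function name, the script name and the `chroot` build directory in the usage line are assumptions.

```shell
#!/bin/sh
# Added example, not live-build code. Flags entries that exist under an
# includes directory and whose copy in the built rootfs is not owned by the
# expected numeric uid:gid (default 0:0).
# Usage: audit_includes INCLUDES_DIR ROOTFS_DIR [UID] [GID]
# Returns 0 if nothing is flagged, 1 if something is, 2 on bad arguments.
audit_includes() {
    inc=$1
    rootfs=$2
    want_uid=${3:-0}
    want_gid=${4:-0}
    if [ ! -d "$inc" ] || [ ! -d "$rootfs" ]; then
        echo "usage: audit_includes INCLUDES_DIR ROOTFS_DIR [UID] [GID]" >&2
        return 2
    fi
    rootfs=$(cd "$rootfs" && pwd)   # absolute, because of the cd below
    bad=$(
        cd "$inc" && find . -mindepth 1 -print | while IFS= read -r rel; do
            target=$rootfs/${rel#./}
            # Skip entries that never made it into the rootfs.
            [ -e "$target" ] || [ -L "$target" ] || continue
            # -prune limits find to this one entry; -uid/-gid compare
            # numeric ids, so the host's passwd database does not matter.
            find "$target" -prune \
                \( ! -uid "$want_uid" -o ! -gid "$want_gid" \) -print
        done
    )
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Stand-alone use (hypothetical script name): sh audit.sh config/includes.chroot chroot
if [ "$#" -ge 2 ]; then
    audit_includes "$@"
fi
```

Run as a post-build step, a non-zero exit status can fail the build before an image with a user-owned /etc/resolv.conf is published.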

