Bug#857740: live-build: /etc/resolv.conf has unsafe permissions when copied from config/includes.chroot

To: 857740@bugs.debian.org
Subject: Bug#857740: live-build: /etc/resolv.conf has unsafe permissions when copied from config/includes.chroot
From: jnqnfe@gmail.com
Date: Fri, 10 Apr 2020 02:30:08 +0100
Message-id: <[🔎] 3a0d89bc3a3b562304e884355133389410106385.camel@gmail.com>
Reply-to: jnqnfe@gmail.com, 857740@bugs.debian.org
In-reply-to: <851stz9aft.fsf@boum.org>
References: <851stz9aft.fsf@boum.org> <851stz9aft.fsf@boum.org>

Confirmed, this is still a problem. I'll make a patch right now.

On Tue, 14 Mar 2017 15:53:26 +0100 intrigeri@debian.org wrote:
> Package: live-build
> Severity: normal
> Version: 1:20170213
> Tags: security
> User: tails-dev@boum.org
> Usertags: misc-reported
> 
> Hi!
> 
> when the config/includes.chroot/etc/resolv.conf file exists in the
> source tree, it is copied into the rootfs with "cp -a". So for
> example, if I've cloned a lb config source tree using Git as my user,
> the resulting live system has a /etc/resolv.conf owned by 1000:1000,
> and thus writable by the default live user. Depending on the exact
> context in which the live system is used, the security impact can be
> non-existent or rather severe.
> 
> Disclaimer: I've only verified this behavior on Tails' patched
> live-build 2.x. Sorry! But the affected code looks very much the same
> on the current master branch.
> 
> Cheers,
> -- 
> intrigeri
> 
>

Reply to:

Follow-Ups:
- Bug#857740: live-build: /etc/resolv.conf has unsafe permissions when copied from config/includes.chroot
  - From: jnqnfe@gmail.com

Prev by Date: Processed: reassign and close old bug
Next by Date: Bug#857740: live-build: /etc/resolv.conf has unsafe permissions when copied from config/includes.chroot
Previous by thread: Processed: reassign and close old bug
Next by thread: Bug#857740: live-build: /etc/resolv.conf has unsafe permissions when copied from config/includes.chroot
Index(es):
- Date
- Thread