
Bug#496360: closed by Romain Beauxis <toots@rastageeks.org> (Not a bug for us)



reopen 496360
thanks


Please do not close; if you want, change the severity :)

A user's files can be very important,
for example ~/.gnupg/*

If an attacker creates a symlink to them, then your GPG private key may be
corrupted.


On 09:24 Mon 25 Aug, Debian Bug Tracking System wrote:

DBTS> This is an automatic notification regarding your Bug report
DBTS> which was filed against the liguidsoap package:

DBTS> #496360: The possibility of attack with the help of symlinks in some Debian packages

DBTS> It has been closed by Romain Beauxis <toots@rastageeks.org>.

DBTS> Their explanation is attached below along with your original report.
DBTS> If this explanation is unsatisfactory and you have not received a
DBTS> better one in a separate message then please contact Romain Beauxis <toots@rastageeks.org> by
DBTS> replying to this email.

DBTS> --
DBTS> 496360: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496360
DBTS> Debian Bug Tracking System
DBTS> Contact owner@bugs.debian.org with problems

DBTS> Date: Mon, 25 Aug 2008 11:21:24 +0200
DBTS> From: Romain Beauxis <toots@rastageeks.org>
DBTS> To: 496360-done@bugs.debian.org
DBTS> Subject: Not a bug for us
DBTS> User-Agent: KMail/1.9.9
DBTS> Cc: "Dmitry E. Oboukhov" <dimka@uvw.ru>

DBTS> Hi !

DBTS> Indeed, liguidsoap uses files under /tmp to write logs and dump audio data
DBTS> during the live show.

DBTS> We don't consider this as a bug, but as a feature (tm). Furthermore, this is
DBTS> known to the user, the name is predictable -- "/tmp/liguidsoap.log" -- and
DBTS> it is run manually by the user, with no root rights.

DBTS> It would be nice if your system could report scripts that are meant to be run
DBTS> as root, at least starting with maintainer scripts only...

DBTS> Romain

DBTS> Date: Sun, 24 Aug 2008 22:05:28 +0400
DBTS> From: "Dmitry E. Oboukhov" <dimka@uvw.ru>
DBTS> To: submit@bugs.debian.org
DBTS> Subject: The possibility of attack with the help of
DBTS> symlinks in some Debian packages
DBTS> Cc: dimka@uvw.ru

DBTS> Package: liguidsoap
DBTS> Severity: grave

DBTS> Hi, maintainer!

DBTS> This message about the error concerns a few packages at once. I've
DBTS> tested all the packages (for Lenny) on my Debian mirror. All scripts
DBTS> of packages (marked as executable) were tested.

DBTS> In some packages I've discovered scripts with errors which may be used
DBTS> by a user to damage important system files or users' files.

DBTS> For example, if a script uses in its work a temp file which is created
DBTS> in the /tmp directory, then every user can create a symlink with the same
DBTS> name in this directory in order to destroy or rewrite some system
DBTS> or user file. A symlink attack may lead not only to data
DBTS> destruction but to denial of service as well.

DBTS> Even if you create files or directories with the help of the function 'RANDOM'
DBTS> or pid(), your system is still not protected. An attacker can create many
DBTS> symlinks in order to destroy your data or create a 'denial of service'
DBTS> for your package scripts.

DBTS> Even if you rm(dir) the files/directories, your system is still
DBTS> not protected. An attacker can permanently create symlinks.

DBTS> This list was created with the help of a script. This list was sorted by
DBTS> hand. However, in some cases a mistake is possible.

DBTS> Please be understanding of possible mistakes. :)

DBTS> I set Severity to grave for this bug. The table of discovered
DBTS> problems is below.

DBTS> Discussion of this bug you can see in debian-devel@:
DBTS> http://lists.debian.org/debian-devel/2008/08/msg00271.html

DBTS> Binary-package: r-base-core-ra (1.1.1-1)
DBTS> file: /usr/lib/Ra/lib/R/bin/javareconf
DBTS> Binary-package: rccp (0.9-2)
DBTS> file: /usr/lib/rccp/delqueueask
DBTS> Binary-package: mafft (6.240-1)
DBTS> file: /usr/bin/mafft-homologs
DBTS> Binary-package: openoffice.org-common (1:2.4.1-6)
DBTS> file: /usr/lib/openoffice/program/senddoc
DBTS> Binary-package: crossfire-maps (1.11.0-1)
DBTS> file: /usr/share/games/crossfire/maps/Info/combine.pl
DBTS> Binary-package: sgml2x (1.0.0-11.1)
DBTS> file: /usr/bin/rlatex
DBTS> Binary-package: liguidsoap (0.3.6-4)
DBTS> file: /var/lib/liguidsoap/liguidsoap.py
DBTS> Binary-package: citadel-server (7.37-1)
DBTS> file: /usr/lib/citadel-server/migrate_aliases.sh
DBTS> Binary-package: ampache (3.4.1-1)
DBTS> file: /usr/share/ampache/www/locale/base/gather-messages.sh
DBTS> Binary-package: xen-utils-3.2-1 (3.2.1-2)
DBTS> file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug
DBTS> Binary-package: dtc-common (0.29.6-1)
DBTS> file: /usr/share/dtc/admin/accesslog.php
DBTS> file: /usr/share/dtc/admin/sa-wrapper
DBTS> Binary-package: honeyd-common (1.5c-3)
DBTS> file: /usr/share/honeyd/scripts/test.sh
DBTS> Binary-package: lustre-tests (1.6.5-1)
DBTS> file: /usr/lib/lustre/tests/runiozone
DBTS> Binary-package: linuxtrade (3.65-8+b4)
DBTS> file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol
DBTS> file: /usr/share/linuxtrade/bin/linuxtrade.wn
DBTS> file: /usr/share/linuxtrade/bin/moneyam.helper
DBTS> Binary-package: freevo (1.8.1-0)
DBTS> file: /usr/bin/freevo.real
DBTS> Binary-package: fml (4.0.3.dfsg-2)
DBTS> file: /usr/share/fml/libexec/mead.pl
DBTS> Binary-package: rkhunter (1.3.2-3)
DBTS> file: /usr/bin/rkhunter
DBTS> Binary-package: openswan (1:2.4.12+dfsg-1.1)
DBTS> file: /usr/lib/ipsec/livetest
DBTS> Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
DBTS> file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap
DBTS> file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest
DBTS> Binary-package: aptoncd (0.1-1.1)
DBTS> file: /usr/share/aptoncd/xmlfile.py
DBTS> Binary-package: cdcontrol (1.90-1.1)
DBTS> file: /usr/lib/cdcontrol/writtercontrol
DBTS> Binary-package: newsgate (1.6-23)
DBTS> file: /usr/bin/mkmailpost
DBTS> Binary-package: gpsdrive-scripts (2.10~pre4-3)
DBTS> file: /usr/bin/geo-code
DBTS> Binary-package: impose+ (0.2-11)
DBTS> file: /usr/bin/impose
DBTS> Binary-package: mgt (2.31-5)
DBTS> file: /usr/games/mailgo
DBTS> Binary-package: audiolink (0.05-1)
DBTS> file: /usr/bin/audiolink
DBTS> Binary-package: ibackup (2.27-4.1)
DBTS> file: /usr/bin/ibackup
DBTS> Binary-package: emacspeak (26.0-3)
DBTS> file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl
DBTS> Binary-package: bk2site (1:1.1.9-3.1)
DBTS> file: /usr/lib/cgi-bin/bk2site/redirect.pl
DBTS> Binary-package: datafreedom-perl (0.1.7-1)
DBTS> file: /usr/bin/dfxml-invoice
DBTS> Binary-package: emacs-jabber (0.7.91-1)
DBTS> file: /usr/lib/emacsen-common/packages/install/emacs-jabber
DBTS> Binary-package: lmbench (3.0-a7-1)
DBTS> file: /usr/lib/lmbench/scripts/rccs
DBTS> file: /usr/lib/lmbench/scripts/STUFF
DBTS> Binary-package: rancid-util (2.3.2~a8-1)
DBTS> file: /var/lib/rancid/getipacctg
DBTS> Binary-package: ogle (0.9.2-5.2)
DBTS> file: /usr/lib/ogle/ogle_audio_debug
DBTS> file: /usr/lib/ogle/ogle_cli_debug
DBTS> file: /usr/lib/ogle/ogle_ctrl_debug
DBTS> file: /usr/lib/ogle/ogle_gui_debug
DBTS> file: /usr/lib/ogle/ogle_mpeg_ps_debug
DBTS> file: /usr/lib/ogle/ogle_mpeg_vs_debug
DBTS> file: /usr/lib/ogle/ogle_nav_debug
DBTS> file: /usr/lib/ogle/ogle_vout_debug
DBTS> Binary-package: firehol (1.256-4)
DBTS> file: /sbin/firehol
DBTS> Binary-package: aview (1.3.0rc1-8)
DBTS> file: /usr/bin/asciiview
DBTS> Binary-package: radiance (3R9+20080530-3)
DBTS> file: /usr/bin/optics2rad
DBTS> file: /usr/bin/pdelta
DBTS> file: /usr/bin/dayfact
DBTS> file: /usr/bin/raddepend
DBTS> Binary-package: vdr-dbg (1.6.0-5)
DBTS> file: /usr/bin/vdrleaktest
DBTS> Binary-package: ogle-mmx (0.9.2-5.2)
DBTS> file: /usr/lib/ogle/ogle_audio_debug
DBTS> file: /usr/lib/ogle/ogle_cli_debug
DBTS> file: /usr/lib/ogle/ogle_ctrl_debug
DBTS> file: /usr/lib/ogle/ogle_gui_debug
DBTS> file: /usr/lib/ogle/ogle_mpeg_ps_debug
DBTS> file: /usr/lib/ogle/ogle_mpeg_vs_debug
DBTS> file: /usr/lib/ogle/ogle_nav_debug
DBTS> file: /usr/lib/ogle/ogle_vout_debug
DBTS> Binary-package: convirt (0.8.2-3)
DBTS> file: /usr/share/convirt/image_store/_template_/provision.sh
DBTS> file: /usr/share/convirt/image_store/Linux_CD_Install/provision.sh
DBTS> file: /usr/share/convirt/image_store/Fedora_PV_Install/provision.sh
DBTS> file: /usr/share/convirt/image_store/CentOS_PV_Install/provision.sh
DBTS> file: /usr/share/convirt/image_store/common/provision.sh
DBTS> file: /usr/share/convirt/image_store/example/provision.sh
DBTS> file: /usr/share/convirt/image_store/Windows_CD_Install/provision.sh
DBTS> Binary-package: printfilters-ppd (2.13-9)
DBTS> file: /usr/lib/printfilters/master-filter
DBTS> Binary-package: r-base-core (2.7.1-1)
DBTS> file: /usr/lib/R/bin/javareconf
DBTS> file: /usr/lib/R/bin/javareconf.orig
DBTS> Binary-package: xmcd (2.6-19.3)
DBTS> file: /usr/share/xmcd/scripts/ncsarmt
DBTS> file: /usr/share/xmcd/scripts/ncsawrap
DBTS> Binary-package: tiger (1:3.2.2-3.1)
DBTS> file: /usr/lib/tiger/util/genmsgidx
DBTS> Binary-package: scilab-bin (4.1.2-5)
DBTS> file: /usr/lib/scilab-4.1.2/bin/scilink
DBTS> file: /usr/lib/scilab-4.1.2/util/scidoc
DBTS> file: /usr/lib/scilab-4.1.2/util/scidem
DBTS> Binary-package: dpkg-cross (2.3.0)
DBTS> file: /usr/share/dpkg-cross/bin/gccross
DBTS> Binary-package: ltp-network-test (20060918-2.1)
DBTS> file: /usr/lib/debian-test/tests/linux/testcases/bin/ftp_setup_vsftp_conf
DBTS> file: /usr/lib/debian-test/tests/linux/testcases/bin/nfs_fsstress.sh
DBTS> Binary-package: cman (2.20080629-1)
DBTS> file: /usr/sbin/fence_egenera
DBTS> Binary-package: scratchbox2 (1.99.0.24-1)
DBTS> file: /usr/share/scratchbox2/scripts/dpkg-checkbuilddeps
DBTS> file: /usr/share/scratchbox2/scripts/sb2-check-pkg-mappings
DBTS> Binary-package: sendmail-base (8.14.3-5)
DBTS> file: /usr/sbin/checksendmail
DBTS> file: /usr/bin/expn
DBTS> Binary-package: fwbuilder (2.1.19-3)
DBTS> file: /usr/bin/fwb_install
DBTS> Binary-package: sng (1.0.2-5)
DBTS> file: /usr/bin/sng_regress
DBTS> Binary-package: dist (1:3.5-17-1)
DBTS> file: /usr/bin/patcil
DBTS> file: /usr/bin/patdiff
DBTS> Binary-package: sympa (5.3.4-5)
DBTS> file: /usr/lib/cgi-bin/sympa/wwsympa.fcgi
DBTS> file: /usr/lib/sympa/bin/sympa.pl
DBTS> Binary-package: postfix (2.5.2-2)
DBTS> file: /usr/lib/postfix_groups.pl
DBTS> Binary-package: caudium (3:1.4.12-11)
DBTS> file: /usr/share/caudium/configvar
DBTS> Binary-package: mgetty-fax (1.1.36-1.2)
DBTS> file: /usr/bin/faxspool
DBTS> Binary-package: aegis (4.24-3)
DBTS> file: /usr/share/doc/aegis/examples/remind/bng_dvlpd.sh
DBTS> file: /usr/share/doc/aegis/examples/remind/bng_rvwd.sh
DBTS> file: /usr/share/doc/aegis/examples/remind/awt_dvlp.sh
DBTS> file: /usr/share/doc/aegis/examples/remind/awt_intgrtn.sh
DBTS> Binary-package: aegis-web (4.24-3)
DBTS> file: /usr/lib/cgi-bin/aegis.cgi
DBTS> Binary-package: digitaldj (0.7.5-6+b1)
DBTS> file: /usr/share/digitaldj/fest.pl
DBTS> Binary-package: mon (0.99.2-12)
DBTS> file: /usr/lib/mon/alert.d/test.alert
DBTS> Binary-package: feta (1.4.16)
DBTS> file: /usr/share/feta/plugins/to-upgrade
DBTS> Binary-package: arb-common (0.0.20071207.1-4)
DBTS> file: /usr/lib/arb/SH/arb_fastdnaml
DBTS> file: /usr/lib/arb/SH/dszmconnect.pl
DBTS> Binary-package: qemu (0.9.1-5)
DBTS> file: /usr/sbin/qemu-make-debian-root
DBTS> Binary-package: apertium (3.0.7+1-1+b1)
DBTS> file: /usr/bin/apertium-gen-deformat
DBTS> file: /usr/bin/apertium-gen-reformat
DBTS> file: /usr/bin/apertium
DBTS> Binary-package: xcal (4.1-18.3)
DBTS> file: /usr/bin/pscal
DBTS> Binary-package: myspell-tools (1:3.1-20)
DBTS> file: /usr/bin/i2myspell
DBTS> Binary-package: gccxml (0.9.0+cvs20080525-1)
DBTS> file: /usr/share/gccxml-0.9/MIPSpro/find_flags
DBTS> Binary-package: freeradius-dialupadmin (2.0.4+dfsg-4)
DBTS> file: /usr/share/freeradius-dialupadmin/bin/backup_radacct
DBTS> file: /usr/share/freeradius-dialupadmin/bin/clean_radacct
DBTS> file: /usr/share/freeradius-dialupadmin/bin/monthly_tot_stats
DBTS> file: /usr/share/freeradius-dialupadmin/bin/tot_stats
DBTS> file: /usr/share/freeradius-dialupadmin/bin/truncate_radacct
DBTS> Binary-package: dhis-server (5.3-1)
DBTS> file: /usr/lib/dhis-server/dhis-dummy-log-engine
DBTS> Binary-package: wims (3.62-13)
DBTS> file: /var/lib/wims/public_html/bin/coqweb
DBTS> file: /var/lib/wims/bin/account.sh
DBTS> Binary-package: initramfs-tools (0.92f)
DBTS> file: /usr/share/initramfs-tools/init
DBTS> Binary-package: realtimebattle-common (1.0.8-7)
DBTS> file: /usr/lib/realtimebattle/Robots/perl.robot
DBTS> Binary-package: netmrg (0.20-1)
DBTS> file: /usr/bin/rrdedit
DBTS> Binary-package: bulmages-servers (0.11.1-2)
DBTS> file: /usr/share/bulmages/examples/scripts/actualizabulmacont
DBTS> file: /usr/share/bulmages/examples/scripts/installbulmages-db
DBTS> file: /usr/share/bulmages/examples/scripts/creabulmafact
DBTS> file: /usr/share/bulmages/examples/scripts/creabulmacont
DBTS> file: /usr/share/bulmages/examples/scripts/actualizabulmafact
DBTS> Binary-package: xastir (1.9.2-1)
DBTS> file: /usr/lib/xastir/get-maptools.sh
DBTS> file: /usr/lib/xastir/get_shapelib.sh
DBTS> Binary-package: plait (1.5.2-1)
DBTS> file: /usr/bin/plaiter
DBTS> file: /usr/bin/plait
DBTS> Binary-package: cdrw-taper (0.4-2)
DBTS> file: /usr/sbin/amlabel-cdrw
DBTS> Binary-package: konwert-filters (1.8-11.1)
DBTS> file: /usr/share/konwert/filters/any-UTF8
DBTS> Binary-package: gdrae (0.1-1)
DBTS> file: /usr/bin/gdrae
DBTS> Binary-package: lazarus-src (0.9.24-0-9)
DBTS> file: /usr/lib/lazarus/tools/install/create_lazarus_export_tgz.sh
--

. ''`. Dmitry E. Oboukhov
: :'  : unera@debian.org
`. `~' GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537
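The /tmp symlink problem the report describes, as an added example that is not part of this bug mail or of liguidsoap: a predictable log name opened without O_EXCL follows a pre-planted symlink and overwrites its target, while O_EXCL|O_NOFOLLOW (the flags tempfile.mkstemp uses) refuses it. The sandbox directory, the stand-in key file and the file names are constructed here.

```python
import errno
import os
import shutil
import tempfile


def unsafe_log_open(path):
    # The pattern the report criticises: a predictable name under /tmp, opened
    # with O_CREAT|O_TRUNC and no O_EXCL. If `path` is already a symlink, the
    # kernel follows it and the link's *target* is truncated and overwritten.
    return os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o644)


def safe_log_open(path):
    # Hardened variant: O_EXCL fails if anything (file or symlink) already sits
    # at `path`; O_NOFOLLOW refuses a symlink in the final component regardless.
    # Mode 0o600 keeps other users from reading the log. tempfile.mkstemp()
    # applies the same flags and additionally picks an unguessable name.
    return os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o600)


def run_demo():
    """Plant a symlink at a predictable name and record what each open() does
    to the file it points at. Everything lives in a throwaway directory."""
    sandbox = tempfile.mkdtemp(prefix="symlink-demo-")  # constructed stand-in for /tmp
    try:
        victim = os.path.join(sandbox, "secring.gpg")    # constructed stand-in for ~/.gnupg/*
        trap = os.path.join(sandbox, "liguidsoap.log")   # the predictable name
        os.symlink(victim, trap)                         # the pre-planted link
        results = {}

        with open(victim, "w") as f:
            f.write("SECRET\n")
        fd = unsafe_log_open(trap)                       # follows the link...
        os.write(fd, b"log line\n")
        os.close(fd)
        with open(victim) as f:
            results["after_unsafe"] = f.read()           # ...and the key file is clobbered

        with open(victim, "w") as f:
            f.write("SECRET\n")
        try:
            os.close(safe_log_open(trap))
            results["safe_refused"] = False
        except OSError as e:                             # EEXIST (or ELOOP): trap detected
            results["safe_refused"] = e.errno in (errno.EEXIST, errno.ELOOP)
        with open(victim) as f:
            results["after_safe"] = f.read()             # untouched
        return results
    finally:
        shutil.rmtree(sandbox)


if __name__ == "__main__":
    print(run_demo())
```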


