
RFH: Insecure directory creation?

        Hi there,

 mach is a tool to create chroots of RPM based distros and to build RPM
 packages.  It has a SUID root wrapper which is only runnable by members
 of the mach group.  My attention was tickled by this lintian warning:
    E: mach: dir-or-file-in-tmp var/tmp/mach/

 I've mirrored the Debian packaging of mach on its RPM counterpart, and
 this included creating a directory in /var/tmp with the package.  This
 seems a bad idea for two reasons:
 - /var/tmp can be wiped anytime
 - /var/tmp is world writable

 I've brought up the issue upstream:

 ... but I failed to convince them that there is some security risk.

 Would someone be so kind as to either correct me or to help me word why
 this is a bad idea?

Loïc Minier <lool@dooz.org>
 "Forget your stupid theme park! I'm gonna make my own! With hookers!
  And blackjack! In fact, forget the theme park!"          -- Bender
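
The two properties listed in the message (the directory can disappear, and its parent is world-writable) mean a privileged tool cannot assume the path it finds is still the one the package installed. The following is an added example, not part of the original message and not mach's code, of a check a privileged process can run before using such a directory; `open_trusted_dir` and the sample layout are hypothetical.

```python
import errno
import os
import stat
import tempfile

def open_trusted_dir(path, expected_uid):
    """Open path without following a symlink and vet it via the descriptor.

    Returns (fd, []) if usable, or (None, [problems]) if not.
    """
    try:
        fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    except FileNotFoundError:
        return None, ["missing"]              # e.g. removed by tmp cleanup
    except OSError as e:
        if e.errno in (errno.ELOOP, errno.ENOTDIR, errno.EMLINK):
            return None, ["symlink or not a directory"]
        raise
    st = os.fstat(fd)                         # inspect the object actually opened
    problems = []
    if st.st_uid != expected_uid:
        problems.append("unexpected owner")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by group or others")
    if problems:
        os.close(fd)
        return None, problems
    return fd, []

def demo():
    """Run the check over constructed directories; returns {label: problems}."""
    uid, out = os.getuid(), {}
    with tempfile.TemporaryDirectory() as parent:   # constructed sample layout
        good = os.path.join(parent, "good")
        loose = os.path.join(parent, "loose")
        link = os.path.join(parent, "link")
        os.mkdir(good); os.chmod(good, 0o700)
        os.mkdir(loose); os.chmod(loose, 0o777)
        os.symlink(good, link)
        cases = {"good": (good, uid), "loose": (loose, uid), "symlink": (link, uid),
                 "missing": (os.path.join(parent, "gone"), uid),
                 "wrong_owner": (good, uid + 1)}
        for label, (path, want) in cases.items():
            fd, out[label] = open_trusted_dir(path, want)
            if fd is not None:
                os.close(fd)
    return out

if __name__ == "__main__":
    for label, problems in demo().items():
        print(label, problems or "ok")
```

Later file operations should go through the returned descriptor (for example with `dir_fd=`) rather than re-resolving the path, so the directory that was checked is the one that is used.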
