RFH: Insecure directory creation?
mach is a tool to create chroot of RPM based distros and to build RPM
packages. It has a SUID root wrapper which is only runnable by members
of the mach group. My attention was tickled by this lintian warning:
E: mach: dir-or-file-in-tmp var/tmp/mach/
I've mirrored the Debian packaging of mach on its RPM counter-part, and
this included creating a directory in /var/tmp with the package. This
seems a bad idea for too reasons:
- /var/tmp can be wiped anytime
- /var/tmp is world writable
I've brought up the issue upstream:
... but I failed convincing them that there is some security risk.
Would someone be so kind to either correct me or to help me word why
this is a bad idea?
Loïc Minier <firstname.lastname@example.org>
"Forget your stupid theme park! I'm gonna make my own! With hookers!
And blackjack! In fact, forget the theme park!" -- Bender