RFH: Insecure directory creation?

To: Debian Security <debian-security@lists.debian.org>
Subject: RFH: Insecure directory creation?
From: Loïc Minier <lool+debian@via.ecp.fr>
Date: Fri, 22 Dec 2006 13:51:20 +0100
Message-id: <[🔎] 20061222125120.GB2442@bee.dooz.org>
Mail-followup-to: Debian Security <debian-security@lists.debian.org>

        Hi there,

 mach is a tool to create chroot of RPM based distros and to build RPM
 packages.  It has a SUID root wrapper which is only runnable by members
 of the mach group.  My attention was tickled by this lintian warning:
    E: mach: dir-or-file-in-tmp var/tmp/mach/

 I've mirrored the Debian packaging of mach on its RPM counter-part, and
 this included creating a directory in /var/tmp with the package.  This
 seems a bad idea for too reasons:
 - /var/tmp can be wiped anytime
 - /var/tmp is world writable

 I've brought up the issue upstream:
 https://sourceforge.net/mailarchive/forum.php?thread_id=31117825&forum_id=35925

 ... but I failed convincing them that there is some security risk.

 Would someone be so kind to either correct me or to help me word why
 this is a bad idea?

   Thanks,
-- 
Loïc Minier <lool@dooz.org>
 "Forget your stupid theme park! I'm gonna make my own! With hookers!
  And blackjack! In fact, forget the theme park!"          -- Bender

Reply to:

Follow-Ups:
- Re: RFH: Insecure directory creation?
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>

Prev by Date: Security update changelogs?
Next by Date: REÂ : [SECURITY] [DSA-1240-1] ...
Previous by thread: Security update changelogs?
Next by thread: Re: RFH: Insecure directory creation?
Index(es):
- Date
- Thread