Re: Bug#852172: dpkg: insecure use of temp file when upgrading conf file
Control: reassign -1 ucf
Control: affects -1 openssh-server
On Sun, 2017-01-22 at 11:56:59 +0100, Benoît wrote:
> Package: dpkg
> Version: 1.18.7
> Severity: normal
> I'm upgrading openssh server and dpkg tells me about a new config file.
> I usually find a .dist-something file beside the current file.
> I couldn't.
> Then I read carefully dpkg's message.
> It's telling me to check a file with a hard-to-remember name in /tmp/.
> And that file is world readable, unlike my current config file.
>
> I don't know if it's safe to have a sshd_config world-readable, but
> some other package conf file may store secret information.
> So puting the new file world readable in a world-readable dir doesn't
> seem right to me.
>
> $ LANG=C ls -la /tmp/fileaURJMg /etc/ssh/sshd_config
> -rw------- 1 root root 2425 Jan 28 2016 /etc/ssh/sshd_config
> -rw-r--r-- 1 root root 3361 Jan 16 16:11 /tmp/fileaURJMg
This would be due to the ucf usage (which TBH I always find slightly
annoying), so I'm reassigning to ucf and marking as affecting
openssh-server.
(Arguably the only reason openssh needs to use ucf is due to deficiencies
in dpkg conffile handling. :( )
Thanks,
Guillem
Reply to: