Re: Bug#852172: dpkg: insecure use of temp file when upgrading conf file
On Sun, Jan 22, 2017 at 12:57:38PM +0100, Guillem Jover wrote:
> On Sun, 2017-01-22 at 11:56:59 +0100, Benoît wrote:
> > I'm upgrading openssh server and dpkg tells me about a new config file.
> > I usually find a .dist-something file beside the current file.
> > I couldn't.
> > Then I read carefully dpkg's message.
> > It's telling me to check a file with a hard-to-remember name in /tmp/.
> > And that file is world readable, unlike my current config file.
> >
> > I don't know if it's safe to have a sshd_config world-readable, but
> > some other package conf file may store secret information.
> > So puting the new file world readable in a world-readable dir doesn't
> > seem right to me.
> >
> > $ LANG=C ls -la /tmp/fileaURJMg /etc/ssh/sshd_config
> > -rw------- 1 root root 2425 Jan 28 2016 /etc/ssh/sshd_config
> > -rw-r--r-- 1 root root 3361 Jan 16 16:11 /tmp/fileaURJMg
>
> This would be due to the ucf usage (which TBH I always find slightly
> annoying), so I'm reassigning to ucf and marking as affecting
> openssh-server.
The temporary file here is the *packaged* version of the file, modified
only to take account of values set in the debconf database; it is by
definition world-readable, containing no secret information. There's no
information leak going on here.
--
Colin Watson [cjwatson@debian.org]
Reply to: