Bug#609097: About scannedonly packaging

To: 609097@bugs.debian.org, Bastien ROUCARIES <roucaries.bastien@gmail.com>
Cc: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>, Falk Hackenberger <debian@spam.huckley.de>
Subject: Bug#609097: About scannedonly packaging
From: Mathieu Parent <math.parent@gmail.com>
Date: Wed, 20 Mar 2013 17:52:14 +0100
Message-id: <[🔎] CAFX5sbzzc-840gRrHFZ=Rx4Ur5t-0z5y8Y=72fy6JPAkNuu_eQ@mail.gmail.com>
Reply-to: Mathieu Parent <math.parent@gmail.com>, 609097@bugs.debian.org

Hi all,

I have setup a basic package for scannedonly, I don't intend to upload
it yet as:
- I have to test it more carefully (basic function works)
- I will only upload it if I use it myself

It's here:
http://anonscm.debian.org/gitweb/?p=pkg-samba/scannedonly.git

Bastien ROUCARIES said:
> Ok I understand but it is insecure at least create a random secret
> extension. And filter this extension. A malicious user could try to
> race with the daemon, creating a .scanned file and an infected file.
> sometime it will succeed and the file will be declared sane whereas it
> is not sane.

I have tested and couldn't do as you said:
- the file is prefixed with ".scanned:", as it contains ":", it can't
be routed thru cifs (I tested with smbclient)
- the".scanned:FILENAME" file is checked for mtime (mtime should be
later than mtime of FILENAME)

please provide a real exploit.

PS: I'm cc-ing pkg-samba, for info and feedback.

Regards
--
Mathieu Parent

Reply to:

Follow-Ups:
- Bug#609097: About scannedonly packaging
  - From: Bastien ROUCARIES <roucaries.bastien@gmail.com>

Prev by Date: Bug#703366: RFH: apt-file -- search for files within Debian packages (command-line interface)
Next by Date: Bug#612341: could anyone summarize the status on libjpeg-turbo WNPPs? [question for Tom]
Previous by thread: Bug#703528: ITP: ruby-asciidoctor -- AsciiDoc to HTML rendering for Ruby
Next by thread: Bug#609097: About scannedonly packaging
Index(es):
- Date
- Thread