Bug#789401: pbuilder: chroot's /tmp accessible to users when bootstrapping
Jakub Wilk
jwilk at debian.org
Sat Jun 20 15:01:33 UTC 2015
Source: pbuilder
Severity: minor
Tags: security
When you're creating base.tgz, chroot's /tmp is accessible to all local
users. Malicious local user could put arbitrary files there, and
pbuilder will pack them into base.tgz.
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.0.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages pbuilder depends on:
ii coreutils 8.23-4
ii debconf [debconf-2.0] 1.5.56
ii debianutils 4.5.1
ii debootstrap 1.0.70
ii dpkg-dev 1.18.1
ii wget 1.16.3-2+b2
--
Jakub Wilk
More information about the Pbuilder-maint
mailing list