[Secure-testing-team] Bug#574832: [security] possible symlink attack against /tmp/ddclient.cache
Teodor
mteodor at gmail.com
Sun Mar 21 14:57:16 UTC 2010
Package: ddclient
Version: 3.8.0-10
Severity: grave
Tags: security
Justification: user security hole
Hi,
A local user could perform a symlink attack against /tmp/ddclient.cache file.
I see two solutions for this problem:
1) use /var/run/ddclient.cache as the cache file (only root has access here)
2) use `mktemp' to create a non-predictable temporary file.
The first solution seems to be the best as it avoids the complexity of working
with non-predictable temporary files (create, find, update, close).
Thanks
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages ddclient depends on:
ii debconf [debconf-2.0] 1.5.28 Debian configuration management sy
ii initscripts 2.87dsf-8.1 scripts for initializing and shutt
ii lsb-base 3.2-23 Linux Standard Base 3.2 init scrip
ii perl [perl5] 5.10.1-11 Larry Wall's Practical Extraction
Versions of packages ddclient recommends:
ii libio-socket-ssl-perl 1.31-1 Perl module implementing object or
ddclient suggests no packages.
-- debconf information excluded
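
The weakness described in the report and the `mktemp' fix proposed as option 2, as an added shell example (not ddclient's code and not part of the original message). The function names, the sandbox layout and the sample cache content are hypothetical.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; every path lives in a
# throwaway sandbox from `mktemp -d`, the real /tmp/ddclient.cache is not touched.

# Weak pattern: write to a fixed, predictable name. The ">" redirection
# follows a symlink that already exists at that name.
write_cache_unsafe() {   # $1 = cache path, $2 = content
    printf '%s\n' "$2" > "$1"
}

# Hardened pattern: mktemp creates a new, unpredictably named file (exclusive
# create, mode 0600) next to the target; mv then rename()s it into place.
# rename() replaces the directory entry, so a symlink to a file is not followed.
write_cache_safe() {     # $1 = cache path, $2 = content
    if [ -d "$1" ]; then return 1; fi   # mv would move *into* a directory
    dir=$(dirname -- "$1") || return 1
    tmp=$(mktemp "$dir/.cache.XXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp" || { rm -f -- "$tmp"; return 1; }
    mv -f -- "$tmp" "$1" || { rm -f -- "$tmp"; return 1; }
}

# Constructed scenario: a symlink already sits at the cache path and points
# at a file the writer must not modify. Prints that file's content, then
# whether the cache path is still a symlink.
scenario() {             # $1 = name of the writer function to exercise
    box=$(mktemp -d) || return 1
    printf 'original\n' > "$box/protected"
    ln -s "$box/protected" "$box/ddclient.cache"
    "$1" "$box/ddclient.cache" "ip=192.0.2.1"
    cat "$box/protected"
    if [ -L "$box/ddclient.cache" ]; then echo symlink; else echo regular; fi
    rm -rf -- "$box"
}

scenario write_cache_unsafe   # protected file is overwritten
scenario write_cache_safe     # protected file is intact
```

With option 1 from the report the cache lives in a directory only root can write to, so no other user can place a link at the cache path in the first place.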