[Pkg-openssl-devel] Bug#750103: openssl: open+chmod race when creating ~/.rnd
Jakub Wilk
jwilk at debian.org
Sun Jun 1 16:26:02 UTC 2014
Package: openssl
Version: 1.0.1g-4
Tags: security
openssl creates the ~/.rnd file with default permissions, then chmods it
to 0600. In the race window between the two operations, local malicious
user could open the file (and then keep it open as long as they wish).
Proof:
$ strace -o '| grep -F .rnd' openssl rand 42 -out /dev/null
stat64("/home/jwilk/.rnd", 0xff990380) = -1 ENOENT (No such file or directory)
stat64("/home/jwilk/.rnd", 0xff9903a0) = -1 ENOENT (No such file or directory)
open("/home/jwilk/.rnd", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 4
chmod("/home/jwilk/.rnd", 0600) = 0
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64
Kernel: Linux 3.14-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages openssl depends on:
ii libc6 2.18-7
ii libssl1.0.0 1.0.1g-4
--
Jakub Wilk
More information about the Pkg-openssl-devel
mailing list