[Lazarus] Security issue (symlink attack) in Lazarus filed on Fedora's bugzilla
ik
idokan at gmail.com
Fri Aug 29 17:44:11 CEST 2008
You should create a temporary name or check and see where the symlink
points before executing/removing it. So if it does not point in the
right direction, you just exit with an error.
Ido
On Fri, Aug 29, 2008 at 5:53 PM, Vincent Snijders <vsnijders at quicknet.nl> wrote:
> Joost van der Sluis schreef:
>> Hi all,
>>
>> As the packager of Lazarus in Fedora, I get notifications if someone
>> files a bug in Fedora's bug-tracker.
>>
>> Now someone added a bug-report with a security issue:
>> https://bugzilla.redhat.com/show_bug.cgi?id=460642
>>
>> And indeed, if someone adds a symlink like 'ln -s /tmp/fpc_patchdir /etc'
>> and thereafter someone with root permissions runs the
>> check_fpc_dependencies.sh script with the following code in it, he won't
>> be happy:
>>
>> TmpDir=/tmp/fpc_patchdir
>> if [ "$WithTempDir" = "yes" ]; then
>>   if [ -d $TmpDir ]; then
>>     rm -rf $TmpDir/*
>>     rm -r $TmpDir
>>   fi
>>
>
> Somebody reported the same (or similar) issues in the debian bug tracker.
>
> Maybe the best solution is not to package these scripts in rpm/debs, so
> that they don't enter the dangerous wild where people are running
> scripts with root permissions and add symlinks in the tmp directory.
>
> Vincent
> _______________________________________________
> Lazarus mailing list
> Lazarus at lazarus.freepascal.org
> http://www.lazarus.freepascal.org/mailman/listinfo/lazarus
>
--
http://ik.homelinux.org/
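Added example (not from the Lazarus scripts or from anyone in this thread) showing the two fixes Ido suggests: replacing the fixed name /tmp/fpc_patchdir with a directory created by mktemp, and, where a fixed path is unavoidable, refusing to remove it when the name is a symlink. The function names, the fpc_patchdir.XXXXXX template and the return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: hardened replacements for the fixed-name /tmp directory
# pattern quoted in the thread. Not part of check_fpc_dependencies.sh.

# Fix 1: never use a predictable name. mktemp -d creates a fresh,
# mode-0700 directory that nobody else could have pre-created or
# replaced with a symlink, so there is nothing to race against.
make_tmpdir() {
    # Template name is an assumption for this example.
    d=$(mktemp -d "${TMPDIR:-/tmp}/fpc_patchdir.XXXXXX") || return 1
    printf '%s\n' "$d"
}

# Fix 2: when a fixed path must be used, check the name itself before
# removing anything. 'rm -rf $TmpDir/*' expands through a symlink, so
# 'ln -s /etc /tmp/fpc_patchdir' would make root delete /etc/*.
# Returns 0 when the path is a real directory, 1 when it is a symlink,
# 2 when it does not exist or is not a directory.
safe_rmdir_check() {
    p=$1
    if [ -L "$p" ]; then
        echo "refusing to remove $p: symlink to $(readlink "$p")" >&2
        return 1
    fi
    if [ ! -d "$p" ]; then
        return 2
    fi
    return 0
}

# Remove a scratch directory only if the check above passes.
# '--' stops rm from treating an odd directory name as an option.
safe_rm_tmpdir() {
    safe_rmdir_check "$1" || return $?
    rm -rf -- "$1"
}
```

The check-then-remove in safe_rm_tmpdir still has a window between the test and the rm in which an attacker could swap the directory for a symlink, so on a shared /tmp the mktemp route is the one to prefer; the check is a fallback for scripts that cannot change the path.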