Package: openssl
Version: 1.0.1g-4
Tags: security

openssl creates the ~/.rnd file with default permissions, then chmods it to 0600. In the race window between the two operations, a local malicious user could open the file (and then keep it open as long as they wish).

Proof:
$ strace -o '| grep -F .rnd' openssl rand 42 -out /dev/null
stat64("/home/jwilk/.rnd", 0xff990380)  = -1 ENOENT (No such file or directory)
stat64("/home/jwilk/.rnd", 0xff9903a0)  = -1 ENOENT (No such file or directory)
open("/home/jwilk/.rnd", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 4
chmod("/home/jwilk/.rnd", 0600)         = 0



-- System Information:
Debian Release: jessie/sid
 APT prefers unstable
 APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 3.14-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssl depends on:
ii  libc6        2.18-7
ii  libssl1.0.0  1.0.1g-4

--
Jakub Wilk

