Package: coreutils
Version: 8.23-4
Severity: important
File: /usr/bin/install

The install command is vulnerable to a race condition. If used by root
to create a file in a directory writable to users or groups other than
root, then after install creates the file, the file just created could
be replaced by a symlink: then lchown() would act on the symlink itself,
and chmod() would act on the target of the symlink.

Seems it would be better for install to use fchown() and fchmod():
safer, more robust, and maybe more efficient.

Using strace shows that install does:

  open("target", O_WRONLY|O_CREAT|O_EXCL|O_LARGEFILE, 0600) = 4
  .... [write content with write(4,...)] ...
  fchmod(4, 0600) = 0
  close(4) = 0
  ....
  lchown32("target", UID, GID) = 0
  chmod("target", MODE) = 0
  ....

The last two commands should be changed into fchown() and fchmod(), and
moved to be prior to the close().

Would it help if I submitted patches?

Thanks, Paul

Paul Szabo   p...@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney   Australia

-- System Information:
Debian Release: 8.6
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (x86_64)

Kernel: Linux 3.16.7-ckt20-pk07.18-amd64 (SMP w/32 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages coreutils depends on:
ii  libacl1      2.2.52-2
ii  libattr1     1:2.4.47-2
ii  libc6        2.19-18+deb8u6
ii  libselinux1  2.3-2

coreutils recommends no packages.

coreutils suggests no packages.

-- no debconf information
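
The ordering proposed in the report (fchown() and fchmod() on the open descriptor, before close()), as an added example in C that is not part of the original report and is not coreutils code. The names install_fd, swap_for_symlink and swap_is_harmless, the hook parameter and the /tmp demo directory are assumptions made for this illustration; the hook swaps the name for a symlink inside the window the report describes, and the check confirms the symlink's target is left untouched.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

static char victim[64]; /* constructed "other file" used by the demo hook */
/* Demo hook: stands in for another user replacing the name with a symlink. */
static void swap_for_symlink(const char *path)
{
    unlink(path);
    if (symlink(victim, path) != 0) perror("symlink");
}

/* Create path exclusively, write data, then set owner and mode through the
 * descriptor before close(). hook (may be NULL) runs inside the window the
 * report describes. Returns the created inode's final mode, or -1. */
int install_fd(const char *path, const char *data, size_t len, uid_t uid,
               gid_t gid, mode_t mode, void (*hook)(const char *))
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    int ok = write(fd, data, len) == (ssize_t)len;
    if (ok && hook) hook(path);
    ok = ok && fchown(fd, uid, gid) == 0 && fchmod(fd, mode) == 0
            && fstat(fd, &st) == 0;
    if (close(fd) != 0 || !ok) return -1;
    return (int)(st.st_mode & 07777);
}

/* Returns 1 if the new inode got mode 0644 and the victim kept its mode. */
int swap_is_harmless(void)
{
    char dir[] = "/tmp/install-demo-XXXXXX", target[64];
    struct stat before, after;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    int vfd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (vfd < 0 || fstat(vfd, &before) != 0 || close(vfd) != 0) return -1;
    int got = install_fd(target, "hello\n", 6, geteuid(), getegid(), 0644,
                         swap_for_symlink);
    int rc = stat(victim, &after);
    unlink(target); unlink(victim); rmdir(dir);
    return rc == 0 && got == 0644 && after.st_mode == before.st_mode;
}

int main(void) { printf("swap harmless: %d\n", swap_is_harmless()); return 0; }
```

Because the owner and mode are applied to descriptor 4's inode rather than to the name "target", no second path lookup takes place for a symlink to redirect.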