Package: coreutils
Version: 8.23-4
Severity: important
File: /usr/bin/install
The install command is vulnerable to a race condition.
If used by root to create a file in a directory writable to users or
groups other than root, then after install creates the file, the file
just created could be replaced by a symlink: then lchown() would act on
the symlink itself, and chmod() would act on the target of the symlink.
Seems it would be better for install to use fchown() and fchmod():
safer, more robust, and maybe more efficient.
Using strace shows that install does:
open("target", O_WRONLY|O_CREAT|O_EXCL|O_LARGEFILE, 0600) = 4
.... [write content with write(4,...)] ...
fchmod(4, 0600) = 0
close(4) = 0
....
lchown32("target", UID, GID) = 0
chmod("target", MODE) = 0
....
The last two commands should be changed into fchown() and fchmod(),
and moved to be prior to the close().
Would it help it I submitted patches?
Thanks, Paul
Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
-- System Information:
Debian Release: 8.6
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (x86_64)
Kernel: Linux 3.16.7-ckt20-pk07.18-amd64 (SMP w/32 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
Versions of packages coreutils depends on:
ii libacl1 2.2.52-2
ii libattr1 1:2.4.47-2
ii libc6 2.19-18+deb8u6
ii libselinux1 2.3-2
coreutils recommends no packages.
coreutils suggests no packages.
-- no debconf information
