Package: libproc-processtable-perl
Version: 0.45-1
Severity: important
Tags: security

Proc::ProcessTable can cache TTY information (not enabled by default).
For this it uses the file /tmp/TTYDEVS.

If caching is enabled, there is a race condition in ProcessTable.pm that
allows arbitrary files to be overwritten:

102       if( -r $TTYDEVSFILE )
103       {
104         $_ = Storable::retrieve($TTYDEVSFILE);
  [...]
107       else
108       {
  [...]
112         Storable::store(\%Proc::ProcessTable::TTYDEVS, $TTYDEVSFILE);

If a symlink /tmp/TTYDEVS is created between line 102 and 112, the file the
link points to is overwritten.  Alternatively wrong information can be
provided.

The relevant code path can be reached with

  perl -MProc::ProcessTable -e 'my $t = Proc::ProcessTable->new(cache_ttys => 1, enable_ttys => 1); $t->table;'

Ansgar
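
One way to close the window between the check on line 102 and the write on line 112, as an added example that is not part of the original report and not the upstream fix: the read path opens with O_NOFOLLOW and validates the opened handle, and the write path creates a fresh file with O_EXCL and renames it into place. The names load_cache and save_cache are hypothetical, and the demo paths and values are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:DEFAULT :mode);
use Storable ();
use File::Temp qw(tempdir);

# Read the cache only if it is a regular file owned by us and not writable
# by group or others. O_NOFOLLOW makes the open fail on a symlink, and the
# checks run on the opened handle, so the file cannot be swapped afterwards.
# The ownership check also matters because Storable data is not safe to
# deserialize when another user could have written it.
sub load_cache {
    my ($path) = @_;
    sysopen(my $fh, $path, O_RDONLY | O_NOFOLLOW) or return;
    my @st = stat($fh) or return;
    return unless S_ISREG($st[2]);
    return unless $st[4] == $>;      # owner must be our effective uid
    return if $st[2] & 0022;         # no group/other write permission
    return eval { Storable::fd_retrieve($fh) };
}

# Write to a fresh temporary name with O_EXCL (fails if anything, including
# a symlink, already exists there), then rename() it over the final name.
# rename() replaces a symlink at $path instead of following it.
sub save_cache {
    my ($data, $path) = @_;
    my $tmp = sprintf '%s.%d.%d', $path, $$, int rand 1e9;
    sysopen(my $fh, $tmp, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600)
        or return 0;
    my $ok = eval { Storable::store_fd($data, $fh) } && close($fh);
    $ok &&= rename($tmp, $path);
    unlink $tmp unless $ok;
    return $ok ? 1 : 0;
}

# Constructed demo: a symlink sits at the cache path and points at a file
# that must survive. Everything lives in a private temporary directory.
my $dir = tempdir(CLEANUP => 1);
my ($cache, $victim) = ("$dir/TTYDEVS", "$dir/victim");
open(my $v, '>', $victim) or die $!;
print {$v} "keep me\n";
close $v;
symlink($victim, $cache) or die $!;

print "load via symlink: ",
    (defined load_cache($cache) ? "accepted" : "refused"), "\n";
save_cache({ 1025 => 'ttyS1' }, $cache) or die "save failed\n";
print "victim intact: ", ((-s $victim) == 8 ? "yes" : "no"), "\n";
print "cached entry: ", load_cache($cache)->{1025}, "\n";
```

In a sticky directory such as /tmp, the rename fails when another user owns the existing entry, so the cache is simply not written; keeping the cache in a directory only the owner can write to avoids that case as well.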


