Your message dated Mon, 22 Mar 2010 07:27:15 +0200
with message-id <796aed871003212227we2fec44o5b5b6170a1850...@mail.gmail.com>
and subject line Re: Bug#574832: [security] possible symlink attack against
/tmp/ddclient.cache
has caused the Debian Bug report #574832,
regarding [security] possible symlink attack against /tmp/ddclient.cache
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
574832: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574832
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ddclient
Version: 3.8.0-10
Severity: grave
Tags: security
Justification: user security hole
Hi,
A local user could perform a symlink attack against /tmp/ddclient.cache file.
I see two solutions for this problem:
1) use /var/run/ddclient.cache as the cache file (only root has access here)
2) use `mktemp' to create a non-predictable temporary file.
The first solution seem to be the best as it avoids the complexity of working
with non-predictable temporary files (create, find, update, close).
Thanks
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages ddclient depends on:
ii debconf [debconf-2.0] 1.5.28 Debian configuration management sy
ii initscripts 2.87dsf-8.1 scripts for initializing and shutt
ii lsb-base 3.2-23 Linux Standard Base 3.2 init scrip
ii perl [perl5] 5.10.1-11 Larry Wall's Practical Extraction
Versions of packages ddclient recommends:
ii libio-socket-ssl-perl 1.31-1 Perl module implementing object or
ddclient suggests no packages.
-- debconf information excluded
--- End Message ---
--- Begin Message ---
Hi,
On Sun, Mar 21, 2010 at 10:45 PM, Nico Golde <n...@debian.org> wrote:
> Hmm ok, this is strange. When I wrote this I tested it and it was using
> /var/cache and I had a *quick* look at the code that indicated the same. Maybe
> the ddclient maintainer can clarify the situation, I lack the time to digg
> deeper.
After sending the last message one idea crossed my mind that it might
be my own configuration (adapted from [1]) and as usual the most
obvious thing is the cause of the problem:
| r...@r2:~# grep cache /etc/ddclient.conf
| cache=/tmp/ddclient.cache
I've removed that line and the cache file is in /var/cache/ddclient as
you said. Sorry for the noise.
Thanks
[1] https://www.dyndns.com/support/kb/using_ddclient_with_dyndns_services.html
--- End Message ---
