Package: i7z Version: 0.27.2-1 Severity: serious Hello,
i7z can only be run by root. When run, it creates a file /tmp/cpufreq.txt without checking if it previously exists. I successfully managed to set up a dangling symlink and have i7z follow it when creating the file. This is somewhat mitigated by the fact that the attack doesn't seem to work if the symlink is not owned by root: in that case, i7z will refuse to start. However, this allows any user to prevent root from running i7z, by just creating a dummy /tmp/cpufreq.txt . Ciao, Enrico -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.9-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages i7z depends on: ii libc6 2.17-7 ii libncurses5 5.9+20130608-1 ii libtinfo5 5.9+20130608-1 ii msr-tools 1.2-3 ii ruby 1:1.9.3 ii ruby1.8 [ruby-interpreter] 1.8.7.358-7.1 ii ruby1.9.1 [ruby-interpreter] 1.9.3.194-8.1+b1 i7z recommends no packages. i7z suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
