reopen 494648
thanks
If you want, you may merge the bugs 444982 494648, don't close!
$ ln -s /etc/shadow /tmp/twiki
$ LANG=C sudo apt-get install twiki
Reading package lists... Done
Building dependency tree
Reading state information... Done
Setting up twiki (1:4.1.2-3.2) ...
Adding password for user TWikiGuest
Adding password for user admin
reloading apache2 config
Reloading web server config: apache2.
$ ll /etc/shadow
-rwxrwxrwt 1 www-data www-data 1339 Июл 28 10:26 /etc/shadow
On 12:09 Wed 13 Aug , Debian Bug Tracking System wrote:
DBTS This is an automatic notification regarding your Bug report
DBTS which was filed against the twiki package:
DBTS #494648: The possibility of attack with the help of symlinks in some Debian packages
DBTS It has been closed by Sven Dowideit [EMAIL PROTECTED].
DBTS Their explanation is attached below along with your original report.
DBTS If this explanation is unsatisfactory and you have not received a
DBTS better one in a separate message then please contact Sven Dowideit
DBTS [EMAIL PROTECTED] by replying to this email.
DBTS --
DBTS 494648: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494648
DBTS Debian Bug Tracking System
DBTS Contact [EMAIL PROTECTED] with problems
DBTS Date: Wed, 13 Aug 2008 22:06:46 +1000
DBTS From: Sven Dowideit [EMAIL PROTECTED]
DBTS To: [EMAIL PROTECTED]
DBTS Subject: duplicate of Bug#444982, which was fixed
DBTS in Oct 2007
DBTS User-Agent: Mozilla-Thunderbird 2.0.0.16
DBTS (X11/20080724)
DBTS http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444982
DBTS Implemented Joey's suggestion of 1777 O_EXCL - mostly the files in
DBTS /tmp are written by CGI::Session, that takes care of things.
DBTS Also moved the 1777 tmp dir back to /tmp/twiki, as per Nico's point wrt
DBTS to filling /var
DBTS --
DBTS Professional Wiki Innovation and Support
DBTS Sven Dowideit - http://DistributedINFORMATION.com
DBTS A WikiRing Partner - http://wikiring.com
DBTS Public key -
DBTS http://pgp.mit.edu:11371/pks/lookup?search=Sven+Dowideitop=indexexact=on
DBTS Date: Mon, 11 Aug 2008 10:57:56 +0400
DBTS From: Dmitry E. Oboukhov [EMAIL PROTECTED]
DBTS To: [EMAIL PROTECTED]
DBTS Subject: The possibility of attack with the help of
DBTS symlinks in some Debian packages
DBTS Package: twiki
DBTS Severity: grave
DBTS Tags: security
DBTS This message about the error concerns a few packages at once. I've
DBTS tested all the packages on my Debian mirror. (post|pre)(inst|rm) and
DBTS config scripts were tested.
DBTS In some packages I've discovered scripts with errors which may be used
DBTS by a user for damaging important system files.
DBTS For example if a script uses in its work a temp file which is created
DBTS in /tmp directory, then every user can create symlink with the same
DBTS name in this directory in order to destroy or rewrite some system
DBTS file.
DBTS I set Severity into grave for this bug. The table of discovered
DBTS problems is below.
DBTS +-----------------+----------------+-----------------------------------
DBTS | package         | script         | file for attack
DBTS +-----------------+----------------+-----------------------------------
DBTS | mplayer-1.0~rc2 | config         | /tmp/HACK (pipe)
DBTS |                 |                |
DBTS | nws-2.13        | postinst       | /tmp/nws.debug (cp)
DBTS |                 |                |
DBTS | ppp-2.4.4rel    | postinst       | /tmp/probe-finished (rm -f, pipe)
DBTS |                 | postinst       | /tmp/ppp-errors (rm -f, pipe)
DBTS | ppp-udeb        | /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp)
DBTS |                 |                |
DBTS | twiki-4.1.2     | postinst       | /tmp/twiki (chmod 1777, chown)
DBTS +-----------------+----------------+-----------------------------------
--
... mpd playing: U.D.O. - Man And Machine
  .''`.  Dmitry E. Oboukhov
 : :'  : [EMAIL PROTECTED]
 `. `~'  GPGKey: 1024D / F8E26537 2006-11-21
   `-    1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537
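
One way a maintainer script could prepare a directory like /tmp/twiki without acting on a pre-planted symlink. This is an added example, not code from the twiki package or from anyone in this thread; the function name `make_shared_tmpdir` and its messages are assumptions, and the reuse branch assumes the parent directory is sticky, as /tmp is.

```shell
#!/bin/sh
# Added example: hardened form of a postinst step that sets up a
# world-writable scratch directory. Names here are hypothetical.

make_shared_tmpdir() {
    dir=$1

    # mkdir(2) does not follow a symlink in the last path component: if any
    # entry with this name exists (file, directory, live or dangling symlink)
    # it fails with EEXIST. A successful mkdir therefore means a fresh
    # directory owned by the caller, the directory analogue of O_EXCL.
    if mkdir -m 0700 "$dir" 2>/dev/null; then
        chmod 1777 "$dir"
        return 0
    fi

    # The name already exists. chmod and chown follow symlinks, so a
    # symlink is never an acceptable target.
    if [ -L "$dir" ]; then
        echo "refusing: $dir is a symlink" >&2
        return 1
    fi

    # Reuse only a real directory owned by the user running the script
    # (root in a postinst). Inside a sticky parent such as /tmp, other
    # users cannot rename or remove an entry they do not own, so it cannot
    # be swapped for a symlink between this check and the chmod.
    # ([ -O ] is supported by bash and dash.)
    if [ -d "$dir" ] && [ -O "$dir" ]; then
        chmod 1777 "$dir"
        return 0
    fi

    echo "refusing: $dir exists and is not a directory we own" >&2
    return 1
}
```

A caller should treat a non-zero return as a failed configuration step rather than retrying with `rm -rf` on the path.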