Bug#574832: [security] possible symlink attack against /tmp/ddclient.cache

2010-03-21 Thread Teodor
Package: ddclient
Version: 3.8.0-10
Severity: grave
Tags: security
Justification: user security hole

Hi,

A local user could perform a symlink attack against /tmp/ddclient.cache file.
I see two solutions for this problem:
1) use /var/run/ddclient.cache as the cache file (only root has access here)

Bug#574832: [security] possible symlink attack against /tmp/ddclient.cache

2010-03-21 Thread Nico Golde
Hey,
* Teodor [2010-03-21 16:49]:
> A local user could perform a symlink attack against /tmp/ddclient.cache file.
> I see two solutions for this problem:
> 1) use /var/run/ddclient.cache as the cache file (only root has access here)
> 2) use `mktemp' to create a non-predictable temporary file.
>

Bug#574832: [security] possible symlink attack against /tmp/ddclient.cache

2010-03-21 Thread Teodor MICU
Hi,

On Sun, Mar 21, 2010 at 6:43 PM, Nico Golde wrote:
> From what I see it is using /var/cache/ddclient/ddclient.cache. Can you
> elaborate why you think it's using /tmp/?

It doesn't appear to be using that directory. This is what I have on my laptop:
| d...@r2:~$ ls -l /tmp/ddclient.cache /var/

Bug#574832: [security] possible symlink attack against /tmp/ddclient.cache

2010-03-21 Thread Nico Golde
Hey,
* Teodor MICU [2010-03-21 19:23]:
> On Sun, Mar 21, 2010 at 6:43 PM, Nico Golde wrote:
> > From what I see it is using /var/cache/ddclient/ddclient.cache. Can you
> > elaborate why you think it's using /tmp/?
>
> It doesn't appear to be using that directory. This is what I have on my laptop:

Bug#574832: [security] possible symlink attack against /tmp/ddclient.cache

2010-03-22 Thread Torsten Landschoff
On Sun, Mar 21, 2010 at 09:45:02PM +0100, Nico Golde wrote:
> > Also, I'm watching syslog quite a lot and I noticed this line at boot:
> > | Mar 21 19:56:39 r2 ddclient[3135]: WARNING: file
> > /tmp/ddclient.cache, line 3: Invalid Value for keyword 'ip' = ''
>
> Hmm ok, this is strange. When I wr