Package: beep
Version: 1.3-4+b1

beep opens arbitrary files for write as root, bypassing file permissions. The impact is as follows:

1. beep reveals whether any file exists, even if the file's existence would normally be secret from the calling user.

    $ ls -ld /etc/hidden/
    drwx------ 2 root root 4096 Apr 7 08:18 /etc/hidden/
    $ ls -l /etc/hidden/secret
    ls: cannot access '/etc/hidden/secret': Permission denied
    $ ls -l /etc/hidden/nonexistent
    ls: cannot access '/etc/hidden/nonexistent': Permission denied
    $ beep -e /etc/hidden/secret
    ioctl: Inappropriate ioctl for device
    ioctl: Inappropriate ioctl for device
    $ beep -e /etc/hidden/nonexistent
    Could not open /etc/hidden/nonexistent for writing
    open: No such file or directory

2. beep reveals information about the file type, even if that would normally be secret from the calling user. For example, a socket will yield "no such device or address".

3. If a file has side effects when opened, beep allows the calling user to trigger those side effects even if they are not authorized to do so. Jakub Wilk pointed out that named pipes and tape devices are affected.

This issue is already discussed in the upstream bug report at https://github.com/johnath/beep/issues/11 but I believe all the relevant information is captured here.

ttfn/rjk