Bug#924692: apport: /var/crash/.lock created insecurely

* Ritesh Raj Sarraf , 2019-03-18, 20:20: Apport tries to create /var/crash/.lock if doesn't exist already. But /var/crash/ is world-writable, so a malicious local user could do: ln -sf /nonexistent /var/crash/.lock to prevent Apport from creating the lock file. Yes. /var/crash/ is world wr

Bug#924692: apport: /var/crash/.lock created insecurely

On Mon, 2019-03-18 at 19:57 +0530, Ritesh Raj Sarraf wrote: > On Fri, 2019-03-15 at 22:39 +0100, Jakub Wilk wrote: > > Apport tries to create /var/crash/.lock if doesn't exist already. > > But > > /var/crash/ is world-writable, so a malicious local user could do: > > > >ln -sf /nonexistent /v

Bug#924692: apport: /var/crash/.lock created insecurely

On Fri, 2019-03-15 at 22:39 +0100, Jakub Wilk wrote: > Apport tries to create /var/crash/.lock if doesn't exist already. > But > /var/crash/ is world-writable, so a malicious local user could do: > >ln -sf /nonexistent /var/crash/.lock > > to prevent Apport from creating the lock file. Yes.

Bug#924692: apport: /var/crash/.lock created insecurely

Package: apport Version: 2.20.4-5 Tags: security Apport tries to create /var/crash/.lock if doesn't exist already. But /var/crash/ is world-writable, so a malicious local user could do: ln -sf /nonexistent /var/crash/.lock to prevent Apport from creating the lock file. -- Jakub Wilk