Re: Uploaded devscripts 2.0.0 (source all) to master
Julian Gilbey wrote:
> > Julian Gilbey wrote:
> > > * Now debchange works on a version of the changelog in /tmp and only
> > > overwrites the current changelog if everything is OK; this is much
> > > safer than the original version. Also, all system calls have their
> > > return status checked
> >
> > Did you do this safely? I.e., did you protect against file in /tmp exploits?
>
> debchange runs with no special privileges, so I haven't taken
> precautions against /tmp exploits. What I will do, though, is to
> disable debchange from running as root or setuid root for the next
> release.
Sorry, this means that I can file a critical security bug on devscripts.
Consider this:
ln -s /home/joey/thesis.txt /tmp/changelog
If an attacker on the system tries something like this, joey's thesis paper
will be replaced with a copy of his changelog the next time he uses debchange.
(This is assuming you use /tmp/changelog as the tmp file.)
The correct solution to this is to not use /tmp. Just output to
debian/changelog.new and move that over top of debian/changelog when done.
--
see shy jo
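
The fix proposed in the message above, sketched in Python as an added example (not part of the original post and not devscripts code): stage the new text in debian/changelog.new and rename it over debian/changelog. The function name update_changelog, the demo paths and the file contents are assumptions made for illustration.

```python
import os
import tempfile

def update_changelog(path, new_text):
    """Write new_text to path by staging it in path + '.new', then renaming."""
    staging = path + ".new"
    # O_CREAT|O_EXCL fails if the staging name already exists, including when
    # it is a symlink (dangling or not), so a planted link is never followed.
    fd = os.open(staging, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    try:
        with os.fdopen(fd, "w") as out:
            out.write(new_text)
            out.flush()
            os.fsync(out.fileno())
        # Same directory, so same filesystem: rename() atomically replaces the
        # directory entry instead of writing through whatever it points at.
        os.replace(staging, path)
    except BaseException:
        os.unlink(staging)  # only reached for a staging file we created
        raise

def demo():
    """Constructed scenario: a symlink already sits at the staging name."""
    with tempfile.TemporaryDirectory() as root:
        debian = os.path.join(root, "debian")
        os.mkdir(debian)
        changelog = os.path.join(debian, "changelog")
        victim = os.path.join(root, "thesis.txt")  # stands in for the target file
        with open(changelog, "w") as f:
            f.write("old entry\n")
        with open(victim, "w") as f:
            f.write("thesis\n")
        os.symlink(victim, changelog + ".new")
        try:
            update_changelog(changelog, "new entry\n")
            refused = False
        except FileExistsError:
            refused = True  # the update stops instead of following the link
        os.unlink(changelog + ".new")  # operator clears the stale entry
        update_changelog(changelog, "new entry\n")
        with open(victim) as v, open(changelog) as c:
            return refused, v.read(), c.read()

if __name__ == "__main__":
    print(demo())
```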