Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 23 Dec 2009 11:50:16 +0100
From: Hanno Böck <hanno@...eck.de>
To: OSS Security List <oss-security@...ts.openwall.com>
Subject: CVE request: acl 2.2.47 always follows symlinks

setfacl/getfacl (part of package acl-2.2.47) contains a bug that it ignores 
the --physical/-P parameter that means don't follow symlinks on -R 
(recursive).

This can lead to security problems, e.g. if there's a cron script giving a 
user full rwX rights for a directory, he can put a symlink there pointing to / 
or /etc or whatever.
Another scenario would be a backup script saving the /home acls to a file, 
every user can create an endless loop for that and prevent the script from 
completing.

http://oss.sgi.com/bugzilla/show_bug.cgi?id=790
http://bugs.gentoo.org/show_bug.cgi?id=265425
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499076

Fixed in upstream source, but no new release yet.
Please assign a CVE.

-- 
Hanno Böck		Blog:		http://www.hboeck.de/
GPG: 3DBD3B20		Jabber/Mail:	hanno@...eck.de

http://schokokeks.org - professional webhosting

Download attachment "signature.asc " of type "application/pgp-signature" (199 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.