Date: Fri, 2 Dec 2011 01:40:04 +0400 From: "Dmitry V. Levin" <ldv@...linux.org> To: owl-dev@...ts.openwall.com Subject: Re: [owl-cvs] Owl/packages/rpm On Mon, Jul 25, 2011 at 05:35:15AM +0400, Owl CVS (solar) wrote: > Update of /Owl/packages/rpm > > Modified Files: > rpm.spec > Added Files: > rpm-4.2-owl-remove-unsafe-perms.diff > Log Message: > Added a patch to remove unsafe file permissions (chmod'ing files to 0) on > package removal or upgrade to prevent continued access to such files via > hard-links possibly created by a user (CVE-2005-4889, CVE-2010-2059). There is a risk to get into big trouble with this change, because hardlinked files could be legally created by packages without any user intervention. For example, our screen package hardlinks /usr/libexec/chkpwd/tcb_chkpwd and /usr/libexec/utempter/utempter to /usr/libexec/screen/, and only by sheer luck (we happily have a %preun script that removes these /usr/libexec/screen/* files) screen package removal does not lead to zeroing permissions of /usr/libexec/chkpwd/tcb_chkpwd and /usr/libexec/utempter/utempter. Those who rely on rpm to remove %ghost files may some day be trapped by this hardening feature. I actually got trapped after porting it to Sisyphus where permissions of several system config files including /etc/nsswitch.conf were zeroed after removing a chrooted daemon. -- ldv Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.