* Jakub Wilk <[email protected]>, 2014-01-28, 20:20:
Upstream has just committed a fix for a security vulnerability:
https://github.com/phusion/passenger/commit/34b1087870c2

Raphael Geissert noticed[0] that the fix is incomplete:
One thing to notice, however, is that there's a race condition between the stat check introduced in 34b1087870c2.
The following sequence still triggers the bogus behaviour:

<user> mkdir $dir
<phusion> lstat() (getFileTypeNoFollowSymlinks)
<user> rmdir $dir
<user> ln -s /target $dir
<phusion> stat() (from verifyDirectoryPermissions)

[0] http://www.openwall.com/lists/oss-security/2014/01/29/6

--
Jakub Wilk
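
The sequence quoted above is a check-then-use race between two path lookups. The C program below is an added example, not Passenger's code and not part of the original message: it contrasts that shape with a single `open()` followed by `fstat()` on the descriptor. The names `check_by_path`, `open_dir_checked`, `swap_for_symlink` and `run_demo`, the owner/mode policy, and the temp-directory scenario are all assumptions constructed for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Two path lookups, as in the sequence above: lstat() and stat() can see
 * different objects. `between` is a hypothetical hook playing the other user. */
static int check_by_path(const char *dir, void (*between)(const char *)) {
    struct stat a, b;
    if (lstat(dir, &a) != 0 || !S_ISDIR(a.st_mode)) return -1;
    if (between) between(dir);
    if (stat(dir, &b) != 0) return -1;
    return (a.st_dev == b.st_dev && a.st_ino == b.st_ino) ? 0 : 1; /* 1: swapped */
}

/* One lookup: refuse a symlink or non-directory at open time, then make every
 * check with fstat() on the descriptor, which stays bound to that object. */
static int open_dir_checked(const char *dir, uid_t owner) {
    struct stat st;
    int fd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || st.st_uid != owner ||
        (st.st_mode & (S_IWGRP | S_IWOTH))) { close(fd); return -1; }
    return fd; /* caller continues with openat()/fchmod() on fd, not the path */
}

static char target[64]; /* constructed stand-in for /target */
static void swap_for_symlink(const char *dir) {
    rmdir(dir);
    if (symlink(target, dir)) perror("symlink");
}

/* Constructed run in a private temp dir: bit 0 = path check saw a swapped
 * object, bit 1 = fd check accepted a real directory, bit 2 = fd check
 * refused the symlink left in its place. */
int run_demo(void) {
    char base[] = "/tmp/toctou-XXXXXX", dir[64];
    int r = 0, fd;
    if (!mkdtemp(base)) return -1;
    snprintf(target, sizeof target, "%s/target", base);
    snprintf(dir, sizeof dir, "%s/dir", base);
    if (mkdir(target, 0700) || mkdir(dir, 0700)) return -1;
    if ((fd = open_dir_checked(dir, geteuid())) >= 0) { r |= 2; close(fd); }
    if (check_by_path(dir, swap_for_symlink) == 1) r |= 1;
    if (open_dir_checked(dir, geteuid()) < 0) r |= 4;
    unlink(dir); rmdir(target); rmdir(base);
    return r;
}
int main(void) { printf("result bits: %d\n", run_demo()); return 0; }
```

`O_NOFOLLOW` only covers the final path component, so the parent directories still have to be ones other users cannot modify.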

