Package: netenv
Version: 0.94.3-30
Tags: security

netenv uses /var/tmp/env for storing its state:

 NETENV_FIL="/var/tmp/netenv"
 # Create the netenv file if it doesn't exist yet (only if called by root).
 [ `id -u` = "0" ] && touch -a $NETENV_FIL
 # Security check
 if [ "X`stat -c %u $NETENV_FIL`" != "X0" -o ! -f $NETENV_FIL ]; then
   echo "netenv: $NETENV_FIL must be a regular file owned by root"
   exit 1
 fi
 if [ "X$((0`stat -c %a $NETENV_FIL` & 022))" != "X0" ]; then
   echo "netenv: Security check failed, fix $NETENV_FIL permissions"
   exit 1
 fi

/var/tmp is world-writable, so any local user could create /var/tmp/netenv, preventing netenv from starting.

Moreover, on systems that lack hardlink protection (/proc/sys/fs/protected_hardlinks), a local user could create /var/tmp/netenv as a hardlink to an existing root-owned file, causing the file to be overwritten.

I'd strongly suggest moving the state file to /var/lib/netenv, as per FHS.

--
Jakub Wilk
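
A sketch of a stricter state-file check in line with the suggestion above; this is an added example, not part of the original report and not netenv's code. The helper name state_file_ok and its optional owner-uid argument are assumptions made for illustration, and it relies on GNU stat as the quoted script does.

```shell
#!/bin/sh
# Added example, not netenv's code. state_file_ok is a hypothetical helper.
# Usage: state_file_ok FILE [OWNER_UID]   (OWNER_UID defaults to 0, i.e. root)

sf_fail() { echo "state_file_ok: $1" >&2; return 1; }

state_file_ok() {
    sf_file=$1
    sf_owner=${2:-0}
    sf_dir=$(dirname -- "$sf_file")

    # 1. The parent directory decides who may create, rename or link names in
    #    it, so it must belong to the owner and not be group/other-writable.
    #    /var/tmp (mode 1777) fails here; a root-owned 0755 directory passes.
    if [ -L "$sf_dir" ] || [ ! -d "$sf_dir" ]; then
        sf_fail "$sf_dir is not a real directory"; return 1
    fi
    if [ "$(stat -c %u -- "$sf_dir")" != "$sf_owner" ]; then
        sf_fail "$sf_dir is not owned by uid $sf_owner"; return 1
    fi
    if [ $(( 0$(stat -c %a -- "$sf_dir") & 022 )) -ne 0 ]; then
        sf_fail "$sf_dir is writable by group or others"; return 1
    fi

    # 2. Same ownership and mode tests as the quoted script, on the file itself,
    #    plus an explicit symlink rejection ([ -f ] alone follows symlinks).
    if [ -L "$sf_file" ] || [ ! -f "$sf_file" ]; then
        sf_fail "$sf_file is not a regular file"; return 1
    fi
    if [ "$(stat -c %u -- "$sf_file")" != "$sf_owner" ]; then
        sf_fail "$sf_file is not owned by uid $sf_owner"; return 1
    fi
    if [ $(( 0$(stat -c %a -- "$sf_file") & 022 )) -ne 0 ]; then
        sf_fail "$sf_file is writable by group or others"; return 1
    fi

    # 3. A link count above 1 means the same inode is reachable under another
    #    name, which is the hardlink case described in the report.
    if [ "$(stat -c %h -- "$sf_file")" != "1" ]; then
        sf_fail "$sf_file has more than one hard link"; return 1
    fi
    return 0
}
```

Once the directory test passes, only the owner can change what the file name refers to, so the later tests are not racing against other local users.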

