From: Benoît <bdej...@gmail.com>
To: Debian Bug Tracking System <sub...@bugs.debian.org>
Subject: dpkg: Insecure use of temp file when upgrading conf file
Message-ID: <148508137504.25923.4577376012946261907.reportbug@powerbook>
X-Mailer: reportbug 7.1.3
Date: Sun, 22 Jan 2017 11:36:15 +0100

Package: dpkg
Version: 1.18.7
Severity: normal

Dear Maintainer,

I'm upgrading openssh-server and dpkg tells me about a new config file.
I usually find a .dist-something file beside the current file.
I couldn't.
Then I read dpkg's message carefully.
It's telling me to check a file with a hard-to-remember name in /tmp/.
And that file is world-readable, unlike my current config file.

I don't know if it's safe to have sshd_config world-readable, but
some other package's conf file may store secret information.
So putting the new file world-readable in a world-readable dir doesn't
seem right to me.

$ LANG=C ls -la /tmp/fileaURJMg /etc/ssh/sshd_config 
-rw------- 1 root root 2425 Jan 28  2016 /etc/ssh/sshd_config
-rw-r--r-- 1 root root 3361 Jan 16 16:11 /tmp/fileaURJMg

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.7.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages dpkg depends on:
ii  libbz2-1.0   1.0.6-8
ii  libc6        2.24-2
ii  liblzma5     5.1.1alpha+20120614-2.1
ii  libselinux1  2.3-2+b1
ii  tar          1.29b-1.1
ii  zlib1g       1:1.2.8.dfsg-2+b1

dpkg recommends no packages.

Versions of packages dpkg suggests:
ii  apt  1.3.1

-- no debconf information


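The permission mismatch shown in the ls output above (installed file 0600, staged copy 0644 in /tmp) is the whole bug: the new conffile is written into a shared directory with whatever the process umask gives, so its mode no longer follows the file it is about to replace. The following is an added example, not part of the bug report and not dpkg's code; it reproduces that behaviour in a scratch directory that stands in for /tmp, then shows the pattern that avoids it: stage the new version beside its target with O_EXCL|O_NOFOLLOW and copy the target's permission bits onto the open descriptor before writing. The ".new" suffix, the scratch directory layout and the sshd_config contents are all constructed for the demonstration.

```python
"""
Added example (not from the bug report or from dpkg): contrast staging a new
configuration file in a shared, world-readable directory under the process
umask with staging it beside the target using the target's own mode.
"""
import os
import stat
import tempfile


def is_world_readable(path: str) -> bool:
    """True if the 'other' read bit is set on the file itself."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def insecure_stage(tmpdir: str, new_content: bytes) -> str:
    """Reproduce the behaviour in the report: the new conffile is written to a
    file in a shared directory (tmpdir stands in for /tmp) and its mode comes
    from the umask, so it ends up 0644 even when the installed file is 0600."""
    old_umask = os.umask(0o022)  # typical default; set explicitly so the demo is deterministic
    try:
        path = os.path.join(tmpdir, "file" + os.urandom(3).hex())
        # O_EXCL prevents clobbering a pre-existing file, but the resulting mode
        # is still 0666 & ~umask = 0644: every local user can read the contents.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o666)
        with os.fdopen(fd, "wb") as f:
            f.write(new_content)
        return path
    finally:
        os.umask(old_umask)


def secure_stage(target: str, new_content: bytes, suffix: str = ".new") -> str:
    """Stage the new version next to the target without ever passing through a
    world-readable state:
      * created in the target's directory, not a shared temp directory;
      * O_CREAT|O_EXCL|O_NOFOLLOW, so an existing file or symlink is an error;
      * created 0600, then given the target's permission bits via fchmod on the
        open descriptor before any content is written (0644 stays 0644,
        0600 stays 0600).
    The '.new' suffix is an illustrative choice, not dpkg's naming."""
    target_mode = stat.S_IMODE(os.stat(target).st_mode)
    path = target + suffix
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o600)
    with os.fdopen(fd, "wb") as f:
        # Ownership would also be copied with os.fchown when running as root.
        os.fchmod(f.fileno(), target_mode)
        f.write(new_content)
        f.flush()
        os.fsync(f.fileno())
    return path


def demo() -> dict:
    """Run both strategies in a scratch directory and report the resulting modes."""
    base = tempfile.mkdtemp()
    # Constructed sample: an installed conffile that is private to its owner.
    target = os.path.join(base, "sshd_config")
    with open(target, "wb") as f:
        f.write(b"PermitRootLogin no\n")
    os.chmod(target, 0o600)
    new_content = b"PermitRootLogin no\nPasswordAuthentication no\n"

    shared = os.path.join(base, "tmp")  # stands in for /tmp
    os.mkdir(shared)
    leaked = insecure_stage(shared, new_content)
    staged = secure_stage(target, new_content)
    with open(staged, "rb") as f:
        staged_content = f.read()

    return {
        "target_mode": oct(stat.S_IMODE(os.stat(target).st_mode)),
        "insecure_mode": oct(stat.S_IMODE(os.stat(leaked).st_mode)),
        "insecure_world_readable": is_world_readable(leaked),
        "secure_mode": oct(stat.S_IMODE(os.stat(staged).st_mode)),
        "secure_world_readable": is_world_readable(staged),
        "secure_in_target_dir": os.path.dirname(staged) == os.path.dirname(target),
        "secure_content_ok": staged_content == new_content,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The check a practitioner would run is exactly the reporter's: `ls -l` both files and compare the "other" read bit, or `stat -c '%a %n'` on each. Staging in the target's directory also sidesteps the classic /tmp symlink and name-guessing races that a predictable or pre-plantable path in a shared directory invites; `O_EXCL|O_NOFOLLOW` makes any such pre-existing entry a hard failure rather than something to write into.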