On Sat, 29 Aug 2009 at 18:50:08 -0400, Yaroslav Halchenko wrote: > could you elaborate on what security implications (since you are talking > about attacks) this bug would result in? to me -- none (besides > 'misinformation), since that file to accumulate the body of the email > which is to be sent upon actionstop.
You're welcome! As the filename is predictable, and the directory is writable for everybody, an attacker can create a symlink leading to any file, also to files writable only for root. Then fail2ban (which runs as root) will damage the target file while writing to the tmpfile. Well, at least the most spectacular ;-( target (/etc/shadow) won't be overwritten, because, AFAICS, the script appends (>>), not overwrites (>). But some important file (e.g. a binary) can be damaged by appending some data to it. HTH > if I am right, and there is no security implications, then I would like > to reduce severity to normal at most > > .-. > =------------------------------ /v\ ----------------------------= > Keep in touch // \\ (yoh@|www.)onerussian.com > Yaroslav Halchenko /( )\ ICQ#: 60653192 > Linux User ^^-^^ [175555] > -- Tomasz Papszun | And it's only tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros. tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

