Hi Dmitry,

On Sunday 24 August 2008 at 22:05 +0400, Dmitry E. Oboukhov wrote:
> Package: rkhunter
> Severity: grave
> 
> Hi, maintainer!
> 
> This message about the error concerns a few packages  at  once.   I've
> tested all the packages (for Lenny) on my Debian mirror.  All  scripts
> of packages (marked as executable) were tested.
> 
> In some packages I've discovered scripts with errors which may be used
> by a user for damaging important system files or user's files.
> 
> For example if a script uses in its work a temp file which is  created
> in /tmp directory, then every user can create symlink  with  the  same
> name in this directory in order to  destroy  or  rewrite  some  system
> or user file.  Symlink attack may also  lead  not  only  to  the  data
> destruction but to denial of service as well.

I think rkhunter is safe, given that the script does check that the file
in /tmp is a file (and not a symlink) before using it:

        if [ "$1" = "--debug" ]; then
                if [ -e "/tmp/rkhunter-debug" ]; then
                        if [ -f "/tmp/rkhunter-debug" -a ! -h "/tmp/rkhunter-debug" ]; then
                                rm -f /tmp/rkhunter-debug >/dev/null 2>&1
                        else
                                echo "Cannot use '--debug' option. /tmp/rkhunter-debug already exists, but it is not a file."
                                exit 1
                        fi
                fi

Would you please confirm this is ok so that I can close this bug?

Cheers,
Julien
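
Added example, not part of the original message and not rkhunter's code: one way to create a debug file under /tmp so that the result does not depend on a test made before the file is opened. The function names, the `debug.log` file name and the sandbox paths are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not rkhunter code). Function names and paths are hypothetical.

# Create a fixed-name log atomically. With noclobber (set -C) the shell
# refuses to write through an existing regular file, and a missing name is
# opened with O_CREAT|O_EXCL, which does not follow a dangling symlink.
open_debug_log() {
    ( umask 077; set -C; : > "$1" ) 2>/dev/null
}

# Preferred: a private 0700 directory with an unpredictable name, so no other
# user can pre-create anything at the log path at all.
open_private_debug_log() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/rkhunter-debug.XXXXXX") || return 1
    log="$dir/debug.log"
    open_debug_log "$log" || return 1
    printf '%s\n' "$log"
}

# Constructed scenario: returns 0 only if both planted symlinks are refused,
# the victim file is untouched, and a clean path is created as a regular file.
selftest() {
    box=$(mktemp -d) || return 1
    printf 'important\n' > "$box/victim"
    ln -s "$box/victim" "$box/live-link"      # symlink to an existing file
    ln -s "$box/absent" "$box/dangling-link"  # symlink to a missing file
    rc=0
    open_debug_log "$box/live-link" && rc=1
    open_debug_log "$box/dangling-link" && rc=1
    [ "$(cat "$box/victim")" = "important" ] || rc=1
    [ ! -e "$box/absent" ] || rc=1
    open_debug_log "$box/clean" || rc=1
    [ -f "$box/clean" ] && [ ! -h "$box/clean" ] || rc=1
    rm -rf "$box"
    return $rc
}

selftest && echo "symlinks refused, clean path created"
```

Noclobber only refuses existing regular files, so a symlink to a device or FIFO would still be opened; that is why the private-directory variant is the preferred one.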

        



