Hi Dmitry,

On Sunday 24 August 2008 at 22:05 +0400, Dmitry E. Oboukhov wrote:
> Package: rkhunter
> Severity: grave
>
> Hi, maintainer!
>
> This message about the error concerns a few packages at once. I've
> tested all the packages (for Lenny) on my Debian mirror. All scripts
> of packages (marked as executable) were tested.
>
> In some packages I've discovered scripts with errors which may be used
> by a user for damaging important system files or user's files.
>
> For example, if a script uses in its work a temp file which is created
> in the /tmp directory, then every user can create a symlink with the same
> name in this directory in order to destroy or rewrite some system
> or user file. A symlink attack may also lead not only to data
> destruction but to denial of service as well.
I think rkhunter is safe, given that the script does check that the file in
/tmp is a file (and not a symlink) before using it:

    if [ "$1" = "--debug" ]; then
        if [ -e "/tmp/rkhunter-debug" ]; then
            if [ -f "/tmp/rkhunter-debug" -a ! -h "/tmp/rkhunter-debug" ]; then
                rm -f /tmp/rkhunter-debug >/dev/null 2>&1
            else
                echo "Cannot use '--debug' option. /tmp/rkhunter-debug already exists, but it is not a file."
                exit 1
            fi
        fi
    fi

Would you please confirm this is ok so that I can close this bug?

Cheers,
Julien
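The check quoted above, rewritten as a reusable function beside the mktemp pattern that avoids a fixed /tmp name altogether; this is an added shell example for illustration, not rkhunter's own code, and the function names and the scratch directory it builds are constructed for the demo.

```sh
#!/bin/sh
# Added example, not rkhunter's code: the quoted /tmp check as a function,
# beside the mktemp pattern that avoids relying on a fixed name at all.

# Same test as the quoted snippet: the path is usable only if it is absent,
# or is a regular file that is not a symlink.
debug_path_usable() {
    path="$1"
    if [ -e "$path" ]; then
        if [ -f "$path" ] && [ ! -h "$path" ]; then
            return 0
        fi
        return 1
    fi
    return 0
}

# Alternative: mktemp creates a fresh, uniquely named file (mode 0600,
# opened with O_EXCL), so a pre-planted symlink or file cannot be reused.
make_private_tmp() {
    mktemp "${TMPDIR:-/tmp}/rkhunter-debug.XXXXXX"
}

demo() {
    # Constructed scratch directory; the real /tmp/rkhunter-debug is never touched.
    d=$(mktemp -d) || return 1
    : > "$d/regular"
    ln -s "$d/regular" "$d/symlink"   # -f alone follows the link and would pass
    mkdir "$d/dir"

    for p in regular missing symlink dir; do
        if debug_path_usable "$d/$p"; then
            echo "$p: usable"
        else
            echo "$p: rejected"
        fi
    done

    f=$(make_private_tmp) && echo "private file: $f" && rm -f "$f"
    rm -rf "$d"
}

demo
```

Checking a fixed name and then removing it still leaves a window between the test and the later open of that path, which is why creating the file with mktemp is the usual recommendation for scripts that need a scratch file in a shared directory.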