On Sat, Oct 08, 2005 at 05:29:23PM -0700, Steve Langasek wrote:
> On Sun, Oct 09, 2005 at 12:11:30AM +0200, Paolo wrote:
> > Package: masqmail
> > Version: 0.2.20-1sarge1
> > Severity: critical
> >
> > seems to me that the default config of online_file is pretty insecure:
> >
> > /tmp/connect_route
> >
> > given the way it's created by the ip-up script:
> >
> > [ ROUTEFILE=/tmp/connect_route ]
> > ...
> > if [ -n "$SCHEME" ] ; then
> >     echo -n "$SCHEME" > "$ROUTEFILE"
> >     chmod 0644 "$ROUTEFILE"
> > fi
> > ...
> >
> > I think adding
> >
> > rm -f "$ROUTEFILE"
> >
> > before 'echo ...' would be enough.
>
> No, it wouldn't. That would just replace a symlink attack with a race
> condition+symlink attack.

ok, I'll let you elaborate a real solution ;) - I for me have set
/var/run/masqmail_connect_route as default; not a solution to the package of
course, just a safer default.

>
> But I don't see any of this code in the /etc/ppp/ip-up.d/1masqmail script in
> this version of the package, so I don't know what you're talking about?

hmm... in masqmail_0.2.20-1sarge1.tar.gz,
masqmail-0.2.20/debian/masqmail.ip-up:

50: if [ -n "$SCHEME" ] ; then
51:     echo -n "$SCHEME" > "$ROUTEFILE"
52:     chmod 0644 "$ROUTEFILE"
53: fi

the [ ... ] above is just a reminder for the report, it's not in the code of
course.

--
paolo
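
The following is an added example, not part of the original messages and not masqmail's own code: one way to write the route file without opening a name that another user may have pre-created, which is the gap that `rm -f` followed by `echo` leaves open. The helper name `write_route_file` and the temporary file name pattern are hypothetical, and GNU coreutils (`mktemp`, `mv -T`) are assumed.

```shell
#!/bin/sh
# Added example: symlink-safe replacement for the echo/chmod pair in the report.
# write_route_file is a hypothetical helper, not code from the masqmail package.
# Assumes GNU coreutils (mktemp, mv -T).

write_route_file() {
    scheme=$1
    dest=$2
    dir=$(dirname "$dest")

    # Same guard as the original script: nothing to write without a scheme.
    [ -n "$scheme" ] || return 0

    # Refuse directories that other users can write to (such as /tmp): anyone
    # who can create names there can plant a link at the destination path.
    if [ -n "$(find "$dir" -maxdepth 0 -perm -0002)" ]; then
        echo "refusing world-writable directory: $dir" >&2
        return 1
    fi

    # mktemp creates a brand-new file (O_EXCL, mode 0600), so it never opens
    # a name that already exists in the directory.
    tmp=$(mktemp "$dir/.connect_route.XXXXXX") || return 1

    # Write and set the final mode on the private temporary file only.
    printf '%s' "$scheme" > "$tmp" && chmod 0644 "$tmp" || {
        rm -f "$tmp"
        return 1
    }

    # rename(2) replaces the directory entry at $dest and does not follow a
    # symlink found there; -T keeps mv from descending into a directory link.
    mv -T -f "$tmp" "$dest" || {
        rm -f "$tmp"
        return 1
    }
}
```
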

