ilisp

Andreas Beckmann Wed, 25 Jul 2012 16:51:15 -0700

Package: ilisp
Version: 5.12.0+cvs.2004.12.26-17
Severity: grave
Tags: security
Justification: user security hole
User: [email protected]
Usertags: piuparts


Hi,

ilisp creates the following directory

  drwxrwxrwx 2 root root 300 Jul 22 22:03 /usr/lib/ilisp

with this postinst snippet:

  chmod 777 /usr/lib/ilisp # Required so that users can build .fasl files

That directory contains symlinks to various *.lisp files
which may now be replaced by any local user...

I don't use ilisp, I don't speak lisp, I just wrote the piuparts check
for world writable directories :-)


Andreas


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Bug#682826: ilisp: creates world writable directory /usr/lib/ilisp

Reply via email to