The following commit has been merged in the master branch:
commit 7738fe5398d6610723c3def2ddc50eea1a73c327
Author: Guillem Jover <[email protected]>
Date: Thu Feb 25 04:13:02 2010 +0100
Securely remove newly installed files when rolling-back a failed unpack

When an error occurs during unpack the code is not securely removing
the newly installed files that might be still lying around, which
gives attackers a small window where they could hard link a file with
set id bits. This situation is pretty contrived as the attacker would
need to control the failing of the package during unpack.
diff --git a/debian/changelog b/debian/changelog
index ed8624c..bfbb735 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -112,6 +112,7 @@ dpkg (1.15.6) UNRELEASED; urgency=low
dpkg-deb --info or --field use mkdtemp() to create a temporary directory
instead of insecure tempnam() or tmpnam() functions.
* Remove --license and --licence options from tools.
+ * Securely remove newly installed files when rolling-back a failed unpack.
[ Modestas Vainius ]
* Implement symbol patterns (Closes: #563752). From now on, it is possible to
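Review bot: the added entry `* Securely remove newly installed files when rolling-back a failed unpack.` does not say what the previous removal exposed. The commit message names the risk (a window in which a file with set id bits could be hard linked), so a short clause to that effect in the changelog entry would let administrators reading it judge how relevant the fix is to them.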
diff --git a/src/archives.c b/src/archives.c
index 0d1d9d4..365f17e 100644
--- a/src/archives.c
+++ b/src/archives.c
@@ -290,7 +290,8 @@ int unlinkorrmdir(const char *filename) {
errno= e; return -1;
}
- r= unlink(filename); e= errno;
+ r = secure_unlink(filename);
+ e = errno;
debug(dbg_eachfiledetail,"unlinkorrmdir `%s' unlink %s",
filename, r ? strerror(e) : "OK");
errno= e; return r;
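Review bot: at `r = secure_unlink(filename);` the surrounding code still assumes unlink() semantics, that is a non-zero return with errno set on failure, because `r ? strerror(e) : "OK"` and `errno= e; return r;` both depend on it. secure_unlink() is not defined in this diff, so please confirm, and document at its declaration, that it returns the errno of whichever internal step failed. The debug string also still says "unlink"; naming secure_unlink there would keep traces in line with the code. Style nit: the two new lines use `r = ` spacing while the adjacent context uses `errno= e`.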
--
dpkg's main repository