On Mon, Mar 11, 2002 at 08:52:54PM -0600, Steve Langasek wrote: > dpkg doesn't normally run on a network port, so exploiting it doesn't get > you local access unless you already have it; and it's not suid, so running > it from commandline doesn't let you get root. Therefore, there is no > security hole opened by a vulnerability in dpkg.
Not so; other, more subtle attack vectors are possible. For example, the superuser could use dpkg-deb --extract on a hostile binary .deb. This should be a safe operation, given a properly controlled environment, but by exploiting this bug, dpkg could be tricked into executing arbitrary code. -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
