Hi,

Ho Ngoc Thien Phu, CC'ed here, reported to linux-distros a couple of
ways to abuse "/usr/share/aide/bin/dailyaidecheck (shipped with AIDE
0.19.x in Debian and derivatives)" to run arbitrary commands, if the
configuration file /etc/default/aide is writable by the attacker.

However, that file is trusted input, it must not be writable by any
attacker, and indeed by default it is not.  The MAILCMD variable in the
file directly specifies a command to be run, so concerns about the
configuration file also allowing to run arbitrary commands in weirder
ways look irrelevant.

I am posting this to oss-security for the sake of completeness, because
it was on linux-distros.  Otherwise, there's nothing to see here.

That said, it's good that people are looking at AIDE and its packaging,
which I think is in need of a proper security audit.

Alexander
