On Fri, Dec 10, 2010 at 9:43 AM, Michael Tautschnig <[email protected]> wrote: >> These lines from this package's maintainer scripts suggest that it likely >> is affected by the vulnerability: >> >> --------------------------------------------------------------------------- >> chmod 640 $FRESHCLAMLOGFILE >> chown "$dbowner":adm $FRESHCLAMLOGFILE >> --------------------------------------------------------------------------- >> > > What is wrong about these two lines? And even from ...
It suggests the daemon itself creates the file. Copytruncate suggests logrotate also creates the file. Logrotate runs as root, so if the attacker (running as daemon user) creates the symlink, logrotate might overwrite an arbitrary file (I guess). Olaf _______________________________________________ Pkg-clamav-devel mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/pkg-clamav-devel
