#13579: test_executable security risk
---------------------------------------------------------------+------------
Reporter: vbraun | Owner: mvngu
Type: defect | Status: needs_work
Priority: blocker | Milestone: sage-5.4
Component: doctest | Resolution:
Keywords: | Work issues:
Report Upstream: Not yet reported upstream; Will do shortly. | Reviewers: Volker Braun, Jeroen Demeyer
Authors: Jeroen Demeyer, Volker Braun | Merged in:
Dependencies: | Stopgaps:
---------------------------------------------------------------+------------
Comment (by nbruin):
Do the write permissions on the directory actually say anything about
security? Imagine the following:
{{{
$ su A
$ mkdir /tmp/test
$ chmod a+wrx /tmp/test
$ mkdir /tmp/test/secure
$ chmod go-w /tmp/test/secure
$ cp python_test.py /tmp/test/secure
$ /tmp/test/secure/python_test.py
[...]
}}}
Now (from a different terminal):
{{{
$ su B
$ mkdir /tmp/test/new
$ cp -R /tmp/test/secure /tmp/test/new
$ cp evil_sys.py /tmp/test/new/sys.py
$ mv /tmp/test/secure /tmp/test/secure_bak; mv /tmp/test/new /tmp/test/secure
}}}
Any open files for the running `python_test.py` will remain, but any files
that are newly looked up by (absolute) path name will be found in what
used to be `/tmp/test/new`. In particular a late `import sys`.
Of course, this is why there's a `t` flag on `/tmp`.
In any case, apparently python comes with a caution: Don't run scripts in
directories writeable by people you don't trust, not even `t` flagged
ones.
We're changing that caution to: Don't run scripts in directories that have
components in their path that are writeable by people you don't trust,
although `t` flagged is fine lower down. We'll warn you if the top level
is writeable, since that is particularly easy to exploit.
The proposed change fixes the particular issue for Sage, but with the
formulation above, I don't think there's any chance of this getting
accepted upstream. It doesn't look like a real solution. It's just kicking
the ball a little further (far enough for us).
--
Ticket URL: <http://trac.sagemath.org/sage_trac/ticket/13579#comment:37>
Sage <http://www.sagemath.org>
Sage: Creating a Viable Open Source Alternative to Magma, Maple, Mathematica,
and MATLAB
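
The stricter rule from the comment above (no path component writable by an untrusted user, with sticky-bit ancestors accepted) can be checked by walking every component of the script's directory. This is an added example, not code from the ticket or from Sage's patch; the names `untrusted_components` and `build_ticket_layout`, the default trust set (root and the current user), and treating group write as untrusted are assumptions, and the check is POSIX-only.

```python
import os
import stat
import tempfile


def untrusted_components(script_dir, trusted_uids=None):
    """Return (path, reason) for each component of script_dir that a user
    outside trusted_uids could use to swap in files (e.g. a rogue sys.py)."""
    if trusted_uids is None:
        trusted_uids = {0, os.getuid()}  # assumption: trust root and ourselves
    problems = []
    path = os.path.realpath(script_dir)  # resolved now; later renames are not seen
    is_script_dir = True
    while True:
        st = os.stat(path)
        others_write = bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))
        sticky = bool(st.st_mode & stat.S_ISVTX)
        if st.st_uid not in trusted_uids:
            problems.append((path, "owned by untrusted uid %d" % st.st_uid))
        elif others_write and is_script_dir:
            # Sticky does not help here: anyone may still create new files.
            problems.append((path, "script directory is group/world-writable"))
        elif others_write and not sticky:
            # Entries can be renamed by others, as in the mv sequence above.
            problems.append((path, "writable ancestor without sticky bit"))
        parent = os.path.dirname(path)
        if parent == path:  # reached the filesystem root
            return problems
        path, is_script_dir = parent, False


def build_ticket_layout():
    """Constructed sample: test/ is a+rwx, test/secure is go-w, as in the comment."""
    base = os.path.realpath(tempfile.mkdtemp())
    secure = os.path.join(base, "test", "secure")
    os.makedirs(secure)
    os.chmod(os.path.join(base, "test"), 0o777)
    os.chmod(secure, 0o755)
    return base, secure


if __name__ == "__main__":
    base, secure = build_ticket_layout()
    for path, reason in untrusted_components(secure):
        print(path, "->", reason)
```

The result reflects permissions at the moment of the call only; a component that changes afterwards is not re-checked.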