Bug#840685: TOCTOU race condition in initscript on chown'ing JVM_TMP temporary directory (was: Re: Bug#840685: tomcat8: DSA-3670 incomplete)

Control: severity -1 normal Control: found -1 8.0.14-1 Hi Paul, On Sat, Oct 15, 2016 at 07:25:59AM +1100, paul.sz...@sydney.edu.au wrote: > Dear Salvatore, > > > You are operating here outside of /tmp (sticky world-writable > > directory) which the above issue for the init scripts relies on, >

Bug#840685: TOCTOU race condition in initscript on chown'ing JVM_TMP temporary directory (was: Re: Bug#840685: tomcat8: DSA-3670 incomplete)

Dear Salvatore, > You are operating here outside of /tmp (sticky world-writable > directory) which the above issue for the init scripts relies on, > right? fs.protected_(hardlinks|symlinks) is exactly a hardening for > those issues: > https://www.kernel.org/doc/Documentation/sysctl/fs.txt I

Bug#840685: TOCTOU race condition in initscript on chown'ing JVM_TMP temporary directory (was: Re: Bug#840685: tomcat8: DSA-3670 incomplete)

Hi Paul, Markus followed already up, I just want to give some additional comments on the below: On Fri, Oct 14, 2016 at 07:07:52PM +1100, paul.sz...@sydney.edu.au wrote: > Dear Salvatore, > > > ... if the attacher created a symlink between the rm and the mkdir > > then mkdir will still fail