Hi Alexander,
Many thanks for your email.
I have been willing to review rkhunter bugs before submitting it.
Le mercredi 27 août 2008 à 04:00 +0400, Solar Designer a écrit :
FWIW, I happened to independently notice this and report it upstream a
week ago:
On Wed, Aug 27, 2008 at 09:06:58AM +0200, Julien Valroff wrote:
Do you suggest that using /var/run/rkhunter-debug is better
than /tmp/rkhunter-debug. (created using mktemp)?
Yes - primarily from usability standpoint. This time, having a fixed
filename is better, and since rkhunter
FWIW, I happened to independently notice this and report it upstream a
week ago:
https://sourceforge.net/tracker/?func=detailatid=794190aid=1971965group_id=155034
While I am at it, I suggest that you change /tmp/rkhunter-debug to
/var/run/rkhunter-debug. Right now, you have a security hole
Hi Dmitry,
Le dimanche 24 août 2008 à 22:05 +0400, Dmitry E. Oboukhov a écrit :
Package: rkhunter
Severity: grave
Hi, maintainer!
This message about the error concerns a few packages at once. I've
tested all the packages (for Lenny) on my Debian mirror. All scripts
of packages
Le lundi 25 août 2008 à 14:02 +0400, Dmitry E. Oboukhov a écrit :
On 11:09 Mon 25 Aug , Julien Valroff wrote:
JV Hi Dmitry,
JV Le dimanche 24 août 2008 à 22:05 +0400, Dmitry E. Oboukhov a écrit :
JV Package: rkhunter
JV Severity: grave
[...]
JV In some packages I've discovered scripts
On Mon, Aug 25, 2008 at 11:09:02 +0200, Julien Valroff wrote:
I think rkhunter is safe, given that the script does check that the file
in /tmp is a file (and not a symlink) before using it:
if [ $1 = --debug ]; then
if [ -e /tmp/rkhunter-debug ]; then
package rkhunter
reopen 496375
thanks
Le lundi 25 août 2008 à 12:52 +0200, Julien Cristau a écrit :
On Mon, Aug 25, 2008 at 11:09:02 +0200, Julien Valroff wrote:
I think rkhunter is safe, given that the script does check that the file
in /tmp is a file (and not a symlink) before using it:
Processing commands for [EMAIL PROTECTED]:
package rkhunter
Ignoring bugs not assigned to: rkhunter
reopen 496375
Bug#496375: The possibility of attack with the help of symlinks in some Debian
packages
Bug reopened, originator not changed.
thanks
Stopping processing here.
Please contact me
This one time, at band camp, Julien Valroff said:
What can I do to prevent this? Dmitry suggested using mktemp, but
this would only *reduce* the probability of exploiting this race
condition.
No, it pretty much eliminates it. mktemp is clever enough to give you a
unique filename that doesn't
Package: rkhunter
Severity: grave
Hi, maintainer!
This message about the error concerns a few packages at once. I've
tested all the packages (for Lenny) on my Debian mirror. All scripts
of packages (marked as executable) were tested.
In some packages I've discovered scripts with errors
10 matches
Mail list logo