On Mon, Aug 10, 2015 at 01:32:54AM +0200, Jakub Wilk wrote:
* Jakub Wilk jw...@debian.org, 2015-06-20, 17:04:
pbuilder builds the package in $BUILDPLACE/tmp/buildd. But $BUILDPLACE/tmp
is normally world-writable, and pbuilder doesn't fail if the buildd
directory already exists:
mkdir -p
* Mattia Rizzolo mat...@mapreri.org, 2015-08-08, 17:00:
I don't see how changing it can fix #789401, though.
It would improve the situation, as a malicious local user can not plant
the build dir any more
Right. But there might be other /tmp vulnerabilities (in pbuilder or
elsewhere) that
Jakub Wilk dixit:
And there's DoS aspect: local user could stuff chroot's /tmp with garbage,
which pbuilder then will have to compress and later decompress on every build.
Meh, it's probably trivial to let it create the chroot inside
a temporary directory other users may not traverse.
The
On Sun, Aug 09, 2015 at 09:05:12PM +, Thorsten Glaser wrote:
The current “let's move the build dir” stinks much more, why
not pre-create /tmp/build in the chroot to be writable only
to the buildd user?
pbuilder currently creates /tmp/buildd at chroot creation time, just after
debootstrap
Correction:
* Jakub Wilk jw...@debian.org, 2015-06-20, 17:04:
pbuilder builds the package in $BUILDPLACE/tmp/buildd. But
$BUILDPLACE/tmp is normally world-writable, and pbuilder doesn't fail
if the buildd directory already exists:
mkdir -p $BUILDPLACE/tmp/buildd
There's a race window
Processing control commands:
tags -1 pending
Bug #789404 [src:pbuilder] pbuilder: insecure use of /tmp
Added tag(s) pending.
severity 789401 important
Bug #789401 [src:pbuilder] pbuilder: chroot's /tmp accessible to users when bootstrapping
Severity set to 'important' from 'minor'
Control: tags -1 pending
Control: severity 789401 important
On Wed, Aug 05, 2015 at 01:33:43PM +0200, Jakub Wilk wrote:
* Mattia Rizzolo mat...@mapreri.org, 2015-08-04, 07:41:
pbuilder builds the package in $BUILDPLACE/tmp/buildd. But
$BUILDPLACE/tmp is normally world-writable, and pbuilder
* Mattia Rizzolo mat...@mapreri.org, 2015-08-04, 07:41:
pbuilder builds the package in $BUILDPLACE/tmp/buildd. But
$BUILDPLACE/tmp is normally world-writable, and pbuilder doesn't fail
if the buildd directory already exists:
mkdir -p $BUILDPLACE/tmp/buildd
There's a race window between
On Sat, Jun 20, 2015 at 05:04:03PM +0200, Jakub Wilk wrote:
pbuilder builds the package in $BUILDPLACE/tmp/buildd. But $BUILDPLACE/tmp
is normally world-writable, and pbuilder doesn't fail if the buildd directory
already exists:
mkdir -p $BUILDPLACE/tmp/buildd
There's a race window
Source: pbuilder
Version: 0.215+nmu3
Severity: grave
Tags: security
pbuilder builds the package in $BUILDPLACE/tmp/buildd.
But $BUILDPLACE/tmp is normally world-writable, and pbuilder doesn't
fail if the buildd directory already exists:
mkdir -p $BUILDPLACE/tmp/buildd
There's a race