*** This bug is a security vulnerability *** You have been subscribed to a public security bug by Jamie Strandboge (jdstrand):
Binary package hint: slrn Directories /var/log/news/ and /etc/news/ have weird ownership - news:news. Some deb scripts use these directories as trusted and write to files in them e.g. like this (from slrnpull.postinst): echo "$RET" > /etc/news/server These directories must not be writable by non-root as it might compromise root via specially crafted symlinks/hardlinks/etc. by user or group "news". As these directories are not owned by a single package, but are created by each package, I'm reporting the bug to all packages owning files in these directories: $ apt-file search /etc/news/ | cut -d: -f1 | uniq ifgate inn inn2 inn2-inews innfeed leafnode slrn slrnpull uucpsend ** Affects: ifmail (Ubuntu) Importance: Undecided Status: New ** Affects: inn (Ubuntu) Importance: Undecided Status: New ** Affects: inn2 (Ubuntu) Importance: Undecided Status: New ** Affects: innfeed (Ubuntu) Importance: Undecided Status: New ** Affects: leafnode (Ubuntu) Importance: Undecided Status: New ** Affects: slrn (Ubuntu) Importance: Undecided Status: New ** Affects: uucpsend (Ubuntu) Importance: Undecided Status: New -- wrong ownership of /var/log/news/ and /etc/news/ https://bugs.launchpad.net/bugs/731547 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
