[Buildd-tools-devel] Bug#422354: schroot: Regex mismatch in sbuild/sbuild-run-parts.cc leads to unwanted execution of stray dpkg conffiles
Roger Leigh
rleigh at debian.org
Sat May 5 11:18:44 UTC 2007
Package: schroot
Version: 1.1.1-1
Severity: grave
Tags: security patch
Justification: user security hole
Scripts in /etc/schroot/setup.d or /etc/schroot/exec.d are executed in the
same manner as /bin/run-parts. However, due to a mistake in the way
filenames are checked with regular expressions, files ending in
.dpkg-new, .dpkg-old, .dpkg-dist, .dpkg-tmp, etc.
Because these files might contain code which has been replaced in the
real copy of the conffile for security reasons, allowing these to be
executed is a potential security problem. One likely scenario is
that a user has disabled copying of the /etc/(passwd|group|shadow) from
the host system into the chroot. If the dpkg-foo conffile is executed,
this may result in both data loss (of the user databases) and security
problems inside the chroot.
The fix is quite simple (see following patch). This is fixed by a
new upload to unstable (currently in NEW), but is still present in
stable, so a stable-security update would be desirable.
Regards,
Roger
Index: ChangeLog
===================================================================
--- ChangeLog (revision 1165)
+++ ChangeLog (working copy)
@@ -1,3 +1,10 @@
+2007-05-05 Roger Leigh <rleigh at debian.org>
+
+ * sbuild/sbuild-run-parts.cc
+ (check_filename): Use regex_search, rather than regex_match. This
+ allows partial matches where the regular expression does not match
+ the entirety of the string being searched.
+
2007-03-11 Roger Leigh <rleigh at debian.org>
* debian/changelog: Close #414415.
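Review bot: the new ChangeLog entry records the mechanism (regex_search instead of regex_match) but not why it matters; since this is a security fix, add the bug reference (#422354) and state that .dpkg-old/.dpkg-new/.dpkg-dist/.dpkg-tmp leftovers in /etc/schroot/setup.d and exec.d were previously executed, so that the history explains the behaviour change rather than just the call that was swapped.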
Index: sbuild/sbuild-run-parts.cc
===================================================================
--- sbuild/sbuild-run-parts.cc (revision 1165)
+++ sbuild/sbuild-run-parts.cc (working copy)
@@ -254,17 +254,17 @@
static regex debian_dpkg_conffile_cruft("dpkg-(old|dist|new|tmp)$",
boost::regex::extended);
- if ((regex_match(name, lanana_namespace) ||
- regex_match(name, lsb_namespace) ||
- regex_match(name, debian_cron_namespace)) &&
- !regex_match(name, debian_dpkg_conffile_cruft))
+ if ((regex_search(name, lanana_namespace) ||
+ regex_search(name, lsb_namespace) ||
+ regex_search(name, debian_cron_namespace)) &&
+ !regex_search(name, debian_dpkg_conffile_cruft))
match = true;
}
else
{
static regex traditional_namespace("^[a-zA-Z0-9_-]$",
boost::regex::basic);
- if (regex_match(name, traditional_namespace))
+ if (regex_search(name, traditional_namespace))
match = true;
}
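Review bot: the pattern on the line `static regex traditional_namespace("^[a-zA-Z0-9_-]$",` is anchored at both ends and has no repetition operator, so as shown it only ever matches a one-character name and the regex_match to regex_search change in this hunk makes no difference to it; if names of any length are intended, the class needs a trailing `*` (basic syntax). Separately, lanana_namespace, lsb_namespace and debian_cron_namespace are also switched to regex_search but are defined outside this hunk: confirm each carries both ^ and $ anchors, otherwise a filename that merely contains an acceptable substring would now pass the namespace check, which is a wider change than the fix for the $-only cruft pattern requires.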
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (990, 'unstable')
Architecture: powerpc (ppc)
Kernel: Linux 2.6.18-3-powerpc
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages schroot depends on:
ii libbo 1.33.1-10 program options library for C++
ii libbo 1.33.1-10 regular expression library for C++
ii libc6 2.5-5 GNU C Library: Shared libraries
ii libgc 1:4.1.2-5 GCC support library
ii liblo 1.0.3-1.2 Run-time shared library for lockin
ii libpa 0.79-4 Pluggable Authentication Modules l
ii libst 4.1.2-5 The GNU Standard C++ Library v3
ii libuu 1.39+1.40-WIP-2006.11.14+dfsg-2+b1 universally unique id library
ii schro 1.1.1-1 common files for schroot
schroot recommends no packages.
-- no debconf information
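To show concretely why the suffix-anchored cruft pattern never fired under regex_match, here is an added example that is not schroot's own code: it uses std::regex in place of boost::regex, and the allowed-name pattern is an assumed stand-in because the real lanana/lsb/cron patterns are not in this mail.

```cpp
#include <iostream>
#include <regex>
#include <string>

// Cruft pattern copied from the hunk above: anchored only at the end ($),
// so it is meant to match a *suffix* of the filename.
static const std::regex dpkg_cruft("dpkg-(old|dist|new|tmp)$",
                                   std::regex::extended);

// Assumed stand-in for the lanana/lsb/cron namespace checks, which this
// mail does not show. It deliberately admits '.', since a stray conffile
// such as "10mount.dpkg-new" contains one.
static const std::regex allowed_name("^[a-z0-9][a-z0-9._-]*$",
                                     std::regex::extended);

// Pre-patch logic: regex_match succeeds only if the pattern consumes the
// whole string, so a suffix-only pattern never matches a real conffile
// leftover and the exclusion is silently dead.
bool would_run_before(const std::string& name)
{
  return std::regex_match(name, allowed_name) &&
         !std::regex_match(name, dpkg_cruft);
}

// Patched logic: regex_search accepts a match anywhere in the string,
// which is what a $-anchored suffix pattern needs.
bool would_run_after(const std::string& name)
{
  return std::regex_search(name, allowed_name) &&
         !std::regex_search(name, dpkg_cruft);
}

int main()
{
  // Constructed sample names: one real script and two dpkg leftovers.
  const char* names[] = {"10mount", "10mount.dpkg-new",
                         "20copyfiles.dpkg-old"};
  for (const char* n : names)
    std::cout << n << ": before=" << would_run_before(n)
              << " after=" << would_run_after(n) << '\n';
  return 0;
}
```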