Bug#789404: pbuilder: insecure use of /tmp

Mattia Rizzolo mattia at mapreri.org
Mon Aug 10 07:45:28 UTC 2015


On Mon, Aug 10, 2015 at 01:32:54AM +0200, Jakub Wilk wrote:
> * Jakub Wilk <jwilk at debian.org>, 2015-06-20, 17:04:
> >pbuilder builds the package in $BUILDPLACE/tmp/buildd. But $BUILDPLACE/tmp
> >is normally world-writable, and pbuilder doesn't fail if the buildd
> >directory already exists:
> >
> >  mkdir -p "$BUILDPLACE/tmp/buildd"
> >
> >There's a race window between unpacking base.tgz and the mkdir call when
> >a malicious local user could create their own $BUILDPLACE/tmp/buildd.
> 
> As Mattia correctly noted in another mail, tmp/builddr is stored in the
> tarball, so (assuming that tar unpacks it securely...) there's no race
> window when you build a package.

*can* be stored in the tarball. If a user wants to use its own tarball
creation system the directory will be created at build time.

-- 
regards,
                        Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540         .''`.
more about me:  http://mapreri.org                                 : :'  :
Launchpad user: https://launchpad.net/~mapreri                     `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia     `-
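
An added example, not part of the original message and not pbuilder's code: one way to create the build directory so that both cases discussed above (directory shipped in the tarball, or created at build time) are handled without trusting whatever already sits in the world-writable tmp. The function name `make_build_dir` and the accepted mode are assumptions made for illustration.

```shell
# Hypothetical helper (not pbuilder code): create $1/tmp/buildd safely.
# Returns 0 if the directory was created by us or is an acceptable
# pre-existing one (e.g. unpacked from the tarball); returns 1 otherwise.
make_build_dir() {
    dir="$1/tmp/buildd"

    # Plain mkdir (no -p) fails if anything already exists at the path,
    # including a symlink, so success means we created it ourselves.
    if mkdir -m 0755 -- "$dir" 2>/dev/null; then
        return 0
    fi

    # Something is already there. Reject symlinks and non-directories.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "refusing $dir: not a real directory" >&2
        return 1
    fi

    # Accept a pre-existing directory only if the current user owns it.
    if [ ! -O "$dir" ]; then
        echo "refusing $dir: owned by another user" >&2
        return 1
    fi

    # Reject group- or world-writable directories (mode string from ls -ld:
    # character 6 is group write, character 9 is other write).
    mode=$(ls -ld -- "$dir")
    case "$mode" in
        d????w*|d???????w*)
            echo "refusing $dir: writable by group or others" >&2
            return 1
            ;;
    esac
    return 0
}
```

Called as `make_build_dir "$BUILDPLACE" || exit 1`, this replaces the unconditional `mkdir -p` with a call that fails when the path was pre-created by someone else.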