[php-maint] Bug#618489: Bug#618489: Bug#618489: php5-common: privilege escalation in /etc/cron.d/php5

Raphael Geissert geissert at debian.org
Thu Mar 17 03:57:50 UTC 2011


On 16 March 2011 03:40, sean finney <seanius at debian.org> wrote:
> On Wed, Mar 16, 2011 at 09:27:29AM +0000, Stephane Chazelas wrote:
>> No, please look carefully. It's not "passwd" that's the
>> symlink, it's foo (to /etc). rm would remove
>> /var/lib/php5/foo/passwd, that is it would unlink the "passwd"
>> entry from the directory pointed to by "foo", that is "/etc".
>
> oh, right.  well good catch then, i guess we'll need to prepare
> a stable security update...

Yes, I'm on it.
For sid I'm inclined to make /var/lib/php5 uid: root, gid: www-data,
and remove the world-rw mode. Why would we want to allow anyone else
to use that dir anyway? Perhaps I'm missing some bits of history.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
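The symlink problem Stephane describes, reproduced in a throwaway sandbox directory as an added illustration (this is not code from the thread or from the php5 package; the sandbox layout, file names and function names are constructed for the demo). It shows a plain path-based remove following the planted "foo" link into the sandbox's "etc", and a variant that opens each directory with O_NOFOLLOW and unlinks relative to that descriptor, which refuses the link. Assumes Linux or another Unix with os.O_NOFOLLOW and dir_fd support.

```python
import errno
import os
import shutil
import tempfile

def build_sandbox():
    # Constructed replica of the reported layout: <root>/etc/passwd is the file
    # at risk, <root>/var/lib/php5 is the session dir, and "foo" inside it is a
    # symlink pointing at the etc directory.
    root = tempfile.mkdtemp(prefix="php5cron-")
    etc = os.path.join(root, "etc")
    php5 = os.path.join(root, "var", "lib", "php5")
    os.makedirs(etc)
    os.makedirs(php5)
    open(os.path.join(etc, "passwd"), "w").close()
    os.symlink(etc, os.path.join(php5, "foo"))
    return root, etc, php5

def unsafe_remove(php5, subdir, name):
    # What a path-based rm does: "foo" is resolved through the symlink, so the
    # unlink happens in the directory foo points to.
    os.remove(os.path.join(php5, subdir, name))

def safe_remove(php5, subdir, name):
    # Open each directory component with O_NOFOLLOW so a symlinked "foo" is
    # rejected (ELOOP on Linux), then unlink relative to the opened fd so the
    # path cannot be swapped for a link between the check and the unlink.
    flags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW
    top = os.open(php5, flags)
    try:
        try:
            sub = os.open(subdir, flags, dir_fd=top)
        except OSError as e:
            if e.errno in (errno.ELOOP, errno.ENOTDIR, errno.EMLINK):
                return False  # refused: component is a symlink, not a real dir
            raise
        try:
            os.unlink(name, dir_fd=sub)
            return True
        finally:
            os.close(sub)
    finally:
        os.close(top)

def demo():
    root, etc, php5 = build_sandbox()
    target = os.path.join(etc, "passwd")
    try:
        unsafe_remove(php5, "foo", "passwd")
        gone_after_unsafe = not os.path.exists(target)   # link was followed
        open(target, "w").close()                         # restore for 2nd run
        refused = not safe_remove(php5, "foo", "passwd")  # link rejected
        return gone_after_unsafe, refused, os.path.exists(target)
    finally:
        shutil.rmtree(root)
```

The descriptor-relative unlink complements, rather than replaces, the ownership and mode change proposed above for /var/lib/php5: it stops a link from being followed even if the directory is later made writable again.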