[php-maint] Bug#618489: Bug#618489: Bug#618489: Bug#618489: Bug#618489: php5-common: priviledge escalation in /etc/cron.d/php5

Raphael Geissert geissert at debian.org
Thu Mar 17 14:47:56 UTC 2011

On 17 March 2011 03:45, Stephane Chazelas <stephane.chazelas at seebyte.com> wrote:
> 2011-03-17 08:41:28 +0100, Sean Finney:
>> I would suggest instead of using -delete, that we use -maxdepth 1.

That was my first thought, but I don't want to break any system that
is using subdirs in that directory in {,old}stable. For sid I'm okay
with using -maxdepth.

>> I think technically there's still some small window of oppurtunity (maybe
>> not exploitable, but still) in between the find comparisons and the
>> delete action
> GNU's -delete does some unlinkat(2) and find would use O_NOFOLLOW to
> descend into subdirs, so I don't think there would be race
> conditions there.

Yes, that's correct.

>> Regarding the permissions, I also agree and don't know why they were
>> world read/writable, whether someone was just copying the perms
>> from /tmp or had a reason to do so.  Not sure whether that also warrants
>> going into stable or not, but we could at least try it out in unstable
>> and see if anyohne complains :)

I think we should only make that change in unstable. If anyone
complains I'd tell them to use a per-user directory.

> Another reason for using -delete (you're using GNU syntax
> anyway) is that files are removed just after their time stamp is
> checked.

And it avoids extra forks, yes.

Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

More information about the pkg-php-maint mailing list