[php-maint] Bug#618489: Bug#618489: Bug#618489: Bug#618489: Bug#618489: php5-common: priviledge escalation in /etc/cron.d/php5
Raphael Geissert
geissert at debian.org
Thu Mar 17 14:47:56 UTC 2011
On 17 March 2011 03:45, Stephane Chazelas <stephane.chazelas at seebyte.com> wrote:
> 2011-03-17 08:41:28 +0100, Sean Finney:
>> I would suggest instead of using -delete, that we use -maxdepth 1.
That was my first thought, but I don't want to break any system that
is using subdirs in that directory in {,old}stable. For sid I'm okay
with using -maxdepth.
>> I think technically there's still some small window of oppurtunity (maybe
>> not exploitable, but still) in between the find comparisons and the
>> delete action
>
> GNU's -delete does some unlinkat(2) and find would use O_NOFOLLOW to
> descend into subdirs, so I don't think there would be race
> conditions there.
Yes, that's correct.
>> Regarding the permissions, I also agree and don't know why they were
>> world read/writable, whether someone was just copying the perms
>> from /tmp or had a reason to do so. Not sure whether that also warrants
>> going into stable or not, but we could at least try it out in unstable
>> and see if anyohne complains :)
I think we should only make that change in unstable. If anyone
complains I'd tell them to use a per-user directory.
> Another reason for using -delete (you're using GNU syntax
> anyway) is that files are removed just after their time stamp is
> checked.
And it avoids extra forks, yes.
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
More information about the pkg-php-maint
mailing list