[php-maint] Bug#766147: AW: Bug#766147: php5-common: session cleanup can be misused to change modification time of arbitrary files to "now" when symlink protection not enabled

Fiedler Roman Roman.Fiedler at ait.ac.at
Tue Oct 21 08:55:52 UTC 2014


> Von: Ondřej Surý [mailto:ondrej at sury.org]
> 
> Hi,
> 
> TL;DR: "s/touch -c/touch -c -h/", right?

This will fix it for arbitrary symlinks, the only remaining issues would be

a) keeping open a file ".. xxxx", which will update the parent directory modification time.
b) keeping open a file "[otherfilename] [random]", which will prevent arbitrary other sessions from timing out. Since most likely malicious process should be "www-data", this is not of any significance.

[Removed]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6344 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20141021/c36f11d2/attachment-0001.bin>


More information about the pkg-php-maint mailing list