[php-maint] Bug#766147: AW: Bug#766147: php5-common: session cleanup can be misused to change modification time of arbitrary files to "now" when symlink protection not enabled
Fiedler Roman
Roman.Fiedler at ait.ac.at
Tue Oct 21 08:55:52 UTC 2014
> Von: Ondřej Surý [mailto:ondrej at sury.org]
>
> Hi,
>
> TL;DR: "s/touch -c/touch -c -h/", right?
This will fix it for arbitrary symlinks, the only remaining issues would be
a) keeping open a file ".. xxxx", which will update the parent directory modification time.
b) keeping open a file "[otherfilename] [random]", which will prevent arbitrary other sessions from timing out. Since most likely malicious process should be "www-data", this is not of any significance.
[Removed]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6344 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20141021/c36f11d2/attachment-0001.bin>
More information about the pkg-php-maint
mailing list