[php-maint] Bug#766147: AW: Bug#766147: php5-common: session cleanup can be misused to change modification time of arbitrary files to "now" when symlink protection not enabled
Roman.Fiedler at ait.ac.at
Tue Oct 21 08:55:52 UTC 2014
> Von: Ondřej Surý [mailto:ondrej at sury.org]
> TL;DR: "s/touch -c/touch -c -h/", right?
This will fix it for arbitrary symlinks, the only remaining issues would be
a) keeping open a file ".. xxxx", which will update the parent directory modification time.
b) keeping open a file "[otherfilename] [random]", which will prevent arbitrary other sessions from timing out. Since most likely malicious process should be "www-data", this is not of any significance.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 6344 bytes
Desc: not available
More information about the pkg-php-maint