[Secure-testing-team] Bug#567175: gmetad: creates world read/writable rrd data files
Tilman Koschnick
til at subnetz.org
Wed Jan 27 19:19:31 UTC 2010
Package: gmetad
Version: 3.1.2-2.1
Severity: grave
Tags: security
Justification: causes non-serious data loss
Hi,
gmetad creates its RRD data files with permissions 666, in world-accessible
directories (755), e.g.:
$ ls -ld /var/lib/ganglia/rrds/__SummaryInfo__
drwxr-xr-x 2 nobody root 4096 2010-01-26 23:14 /var/lib/ganglia/rrds/__SummaryInfo__
$ ls -l /var/lib/ganglia/rrds/__SummaryInfo__
total 672
-rw-rw-rw- 1 nobody root 23648 2010-01-26 23:14 boottime.rrd
-rw-rw-rw- 1 nobody root 23648 2010-01-26 23:14 bytes_in.rrd
-rw-rw-rw- 1 nobody root 23648 2010-01-26 23:14 bytes_out.rrd
-rw-rw-rw- 1 nobody root 23648 2010-01-26 23:14 cpu_aidle.rrd
-rw-rw-rw- 1 nobody root 23648 2010-01-26 23:14 cpu_idle.rrd
-rw-rw-rw- 1 nobody root 23648 2010-01-26 23:14 cpu_nice.rrd
[...]
As a result, any local user can not only read the full datasets collected by
gmetad (probably not an issue), but can tamper with them or just simply
truncate them, causing data loss and denial of service.
A fix would have take care of newly created files, as well as any files that
have previously been created.
Cheers, Til
-- System Information:
Debian Release: 5.0.3
APT prefers stable
APT policy: (500, 'stable'), (400, 'unstable'), (300, 'testing'), (200, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.30-bpo.2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
More information about the Secure-testing-team
mailing list