[Virtual-pkg-base-maintainers] Bug#425374: base: writing in write protected files
Juergen Katins
katins.juergen at web.de
Mon May 21 10:02:43 UTC 2007
Package: base
Severity: critical
Tags: security
Justification: root security hole
made a file write protected. See this:
katzes:/etc# ls -al resolv.conf
-r--r--r-- 1 root root 51 2007-05-21 11:39 resolv.conf
It has this content:
GNU nano 2.0.2 Datei: resolv.conf
nameserver 194.97.173.125
nameserver 192.168.1.254
Then I changed the content:
GNU nano 2.0.2 Datei: resolv.conf
nameserver 194.97.173.125
nameserver 192.168.1.254
#comment
[ 3 Zeilen
geschrieben ]
("3 Zeilen
geschrieben"
means "3 lines
written")
The file was
changed allthough
it is still read
only:
katzes:/etc# ls
-al resolv.conf
-r--r--r-- 1 root
root 60
2007-05-21 11:42
resolv.conf
This is bad. A
write protected
file should not
be writable,
under no
circumstances!
:quit
_:quit
:quit
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.8-3-k7
Locale: LANG=de_DE at euro, LC_CTYPE=de_DE at euro (charmap=ISO-8859-15)
More information about the Virtual-pkg-base-maintainers
mailing list