[Virtual-pkg-base-maintainers] Bug#537299: base: user deletes files without write permission, partition full
Chiel Kooijman
chiel999 at gmail.com
Thu Jul 16 19:26:53 UTC 2009
Package: base
Severity: critical
Tags: security
Justification: root security hole
I tried to edit /etc/fstab as user (forgot to use `sudo') but, as I
noticed later, the partition that contains the root (/) files was full.
After that I tried to edit the file as superuser (I hadn't read the
message when I tried to write because I assumed it was complaining about
permission).
But when I opened the file again it was empty (it did exist; but no text,
as if created with touch).
The editor I used is vim and the filesystem is ext2.
Chiel Kooijman
PS
I hope I'm not scaring people about a non-issue, this is my first bug
report and I tried to fill out everything as precise as I could.
I do not believe this is a bug in vim as I think no program run under a
normal user should be able to edit a file without write permission.
-- System Information:
Debian Release: 5.0.2
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
More information about the Virtual-pkg-base-maintainers
mailing list