Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 19026 - IMPORTANT default fileutils installation local root compromise!
Summary: IMPORTANT default fileutils installation local root compromise!
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Highest critical
Assignee: Daniel Ahlberg (RETIRED)
URL: http://dani.cyber.ro/stuff/lsroot.c
Whiteboard:
Keywords: SECURITY
Depends on:
Blocks:
 
Reported: 2003-04-09 01:14 UTC by Daniel
Modified: 2003-04-09 22:46 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel 2003-04-09 01:14:59 UTC 
it seems that default emerge of fileutils is vulnerable..


anyone else noticed ?


http://dani.cyber.ro/stuff/lsroot.c
Comment 1 Seemant Kulleen (RETIRED) gentoo-dev 2003-04-09 02:39:03 UTC 
we need to check coreutils-5.0 for this as well.

if that's safe, then we need to unmask and "move" fileutils to coreutils
Comment 2 Patrick Kursawe (RETIRED) gentoo-dev 2003-04-09 03:01:59 UTC 
Ok, Daniel, you've had your fun. But on the 01-Apr-2003 this would have been better placed.
Comment 3 Zhen Lin 2003-04-09 22:46:48 UTC 
An interesting way to convince programs they are running as root...

Bad forkbomb though.