Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 250553

Summary: Symlink attack in net-dialup/ppp-2.4.4-r21 /etc/ppp/ip-up.d/40-dns.sh
Product: Gentoo Security Reporter: Stefan Behte (RETIRED) <craig>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: minor CC: mrness
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [ebuild]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 235770    

Description Stefan Behte (RETIRED) gentoo-dev Security 2008-12-10 21:09:45 UTC 
This bug is CVE-2008-5367-like, but in a different script, that why filing it not as CVE-2008-5367.

We've got: 
/etc/ppp/ip-up.d/40-dns.sh:                     } > $REALRESOLVCONF.tmp
/etc/ppp/ip-up.d/40-dns.sh:                     mv $REALRESOLVCONF.tmp $REALRESOLVCONF
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2008-12-10 21:50:02 UTC 
1) I should have attached it.
2) REALRESOLVCONF=$(readlink --canonicalize /etc/resolv.conf) -> normal users will not able to able to create a symlink for /etc/resolv.conf.tmp
3) I promise, I'll have a deeper look next time.

Sorry guys. :(