| Summary: | emerge makes files in /tmp, not very secure | | |
|---|---|---|---|
| Product: | Portage Development | Reporter: | Toni DiBoulda <boulder_flight_technician> |
| Component: | Core | Assignee: | Portage team <dev-portage> |
| Status: | RESOLVED DUPLICATE | | |
| Severity: | critical | CC: | avenj, security |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |

This is pretty major -- a newsgroup poster just pointed this one out. Any Gentoo system can trivially be damaged extremely badly with this one, as far as I can tell.

Reproducible: Always

Steps to Reproduce:
1. cd /tmp
2. mkdir sandboxpids.tmp
3. emerge something
4. watch very confusing error message

(steps 1, 2 and 4 done as any user, need to be root for step 3)

Actual Results:

    Calculating dependencies ...done!
    >>> emerge (1 of 1) some-cat/something to /
    >>> md5 src_uri ;-) something.tar.gz
    >>> /tmp/sandboxpids.tmp is not a regular file
    >>> pids file write: Bad address

Expected Results:
to bring down emerge should not be made that easy

!!! Emerge seems to test if sandboxpids.tmp is a regular file only. If it is
!!! hard link to existing file, existing file is empty when emerge is done.
!!! Very dangerous.
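
Added example (not part of the original report, and not Portage or sandbox code): a C model of the check the report describes, where a pid file in a shared directory is accepted if it is a regular file and then truncated, next to a stricter opener that uses `O_CREAT | O_EXCL | O_NOFOLLOW`. The function names, the scratch directory and the 6-byte victim file are constructed for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed model of the reported check (hypothetical names, not Portage code):
 * anything that is a regular file is accepted, then opened with truncation. */
static int open_pidfile_weak(const char *path) {
    struct stat st;
    if (lstat(path, &st) == 0 && !S_ISREG(st.st_mode))
        return -1;                 /* rejects a directory, but not a hard link */
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Hardened: fail if the name already exists, and never follow a symlink. */
static int open_pidfile_strict(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario: a private scratch dir holds a 6-byte "victim" file and
 * a hard link to it named sandboxpids.tmp. Returns the victim's size afterwards. */
static long victim_size_after(int strict) {
    char dir[] = "/tmp/pidfile-demo-XXXXXX", victim[64], pidfile[64];
    struct stat st;
    long size = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(pidfile, sizeof pidfile, "%s/sandboxpids.tmp", dir);
    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0 && write(fd, "secret", 6) == 6 && close(fd) == 0 &&
        link(victim, pidfile) == 0) {
        fd = strict ? open_pidfile_strict(pidfile) : open_pidfile_weak(pidfile);
        if (fd >= 0) close(fd);
        if (stat(victim, &st) == 0) size = (long)st.st_size;
    }
    unlink(pidfile); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    printf("weak opener:   victim is %ld bytes\n", victim_size_after(0));
    printf("strict opener: victim is %ld bytes\n", victim_size_after(1));
    return 0;
}
```

Keeping such state out of world-writable directories altogether removes the race that any check on a shared path leaves open.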