| Summary: | app-misc/dnetc: root privilege escalation via "chown -R" in pkg_postinst | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Michael Orlitzky <mjo> |
| Component: | Auditing | Assignee: | Gentoo Security Audit Team <security-audit> |
| Status: | RESOLVED OBSOLETE | | |
| Severity: | normal | CC: | ahipp0, robbat2 |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 691252 | | |

Description
Michael Orlitzky
2017-09-12 14:44:41 UTC
Robin recently announced that this package was up for grabs. Unmaintained and vulnerable are a bad combination -- can we please make this bug public, so that I can reference it in package.mask? Here's the mailing list thread, if anyone is curious:

https://archives.gentoo.org/gentoo-dev/message/c43a368ff49d3e8f8c28937db9a700e1

package.mask incoming.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=44a0da0e02e234f1d43b1801fe2b6de12b2c6885

commit 44a0da0e02e234f1d43b1801fe2b6de12b2c6885
Author: Michael Orlitzky <mjo@gentoo.org>
AuthorDate: 2019-08-18 22:59:47 +0000
Commit: Michael Orlitzky <mjo@gentoo.org>
CommitDate: 2019-08-18 23:04:01 +0000

profiles: mask app-misc/dnetc for eventual removal.

Bug: https://bugs.gentoo.org/630808
Signed-off-by: Michael Orlitzky <mjo@gentoo.org>

profiles/package.mask | 6 ++++++
1 file changed, 6 insertions(+)

I can perhaps step up as a proxy maintainer for dnetc. It actually has the latest release in-tree already, so just the chown needs to be fixed, I suppose.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=446f997c23defe312ab8e5b386dcef06e01a29f1

commit 446f997c23defe312ab8e5b386dcef06e01a29f1
Author: Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2019-09-14 23:28:34 +0000
Commit: Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2019-09-14 23:29:59 +0000

app-misc/dnetc: Remove last-rited package

Closes: https://bugs.gentoo.org/405521
Closes: https://bugs.gentoo.org/691946
Bug: https://bugs.gentoo.org/630808
Closes: https://bugs.gentoo.org/691252
Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

app-misc/dnetc/Manifest | 6 --
app-misc/dnetc/dnetc-2.9108.517.ebuild | 93 ------------------------------
app-misc/dnetc/dnetc-2.9112.521.ebuild | 100 ---------------------------------
app-misc/dnetc/files/dnetc.confd | 18 ------
app-misc/dnetc/files/dnetc.initd | 88 -----------------------------
app-misc/dnetc/metadata.xml | 11 ----
6 files changed, 316 deletions(-)