Summary: | net-im/openfire: root privilege escalation via "chown -R" in pkg_postinst | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Michael Orlitzky <mjo> |
Component: | Auditing | Assignee: | Gentoo Security <security> |
Status: | RESOLVED OBSOLETE | ||
Severity: | normal | CC: | maintainer-needed, security-audit |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Michael Orlitzky
2017-09-13 18:05:47 UTC
The ".*confidential.*" red text does not actually say on the next step for this issue.

Should I attach ebuild fix once I get it ready here or someone else already actively handling it?

(In reply to Sergei Trofimovich from comment #1)
> The ".*confidential.*" red text does not actually say on the next step for
> this issue.
>
> Should I attach ebuild fix once I get it ready here or someone else
> already actively handling it?

Just fix it and post here when you're done =) There's nothing special about the private bug, I was just asked to mark these sorts of issues private until they're fixed.

This issue should be fixed in the -r2. I just reordered things so that it's not necessary to call chown/chmod at any point.

@security, we should open up this bug and ask the arch teams to test it.

Unrestricting and reassigning to security@ per bug #705894

unrestricting per bug 705894

pkg is no longer in tree.