Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to delete arbitrary files via a symlink attack.

Ref:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905
http://www.gossamer-threads.com/lists/perl/porters/233695
http://www.openwall.com/lists/oss-security/2008/11/28/2

Reproducible: Always
CVE-2008-5302: Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5302
There's a patch in the Debian BTS, please apply. Perl herd, do you know if upstream is tracking these issues?
=dev-lang/perl-5.8.8-r6 is in the tree. It hopefully fixes what it is supposed to fix. Instead of the old perl-5.8.8-CAN-2005-0448-rmtree.patch it uses the patch from Debian's 5.8.8-7etch6 (<http://git.debian.org/?p=perl/perl.git;a=commit;h=785f6c24dac9ad3cd73ad615fc00d522de1f8bec>)

@perl-team: wrt https://bugs.gentoo.org/show_bug.cgi?id=79685#c14 and following:
do we need to apply this patch during src_install or does src_unpack work?
Please comment or help testing!

Masked.
Any progress here? Perl herd?
(In reply to comment #3)
> wrt https://bugs.gentoo.org/show_bug.cgi?id=79685#c14 and following:
> do we need to apply this patch during src_install or does src_unpack work?
> Please comment or help testing!
>
> Masked.

Unmasked. Let's see how it fails in real. If it fails we can remove the check from Errno like <http://git.debian.org/?p=perl/perl.git;a=commitdiff;h=3aeef0d05733293d7bc48c5b235f8bec9c42f420>

Security, please proceed. Thanks
security: ping, you never replied back after May?
5.8.8-r8 is stable.
Added to pending GLSA request.
This issue was resolved and addressed in GLSA 201311-17 at http://security.gentoo.org/glsa/glsa-201311-17.xml by GLSA coordinator Sergey Popov (pinkbyte).