main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a "kill `cat /run/tinyproxy/tinyproxy.pid`" command.
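The risky pattern described above is a root script that trusts whatever `/run/tinyproxy/tinyproxy.pid` contains. The following is an added, defender-side illustration, not code from Tinyproxy, Gentoo, or this bug report: before signalling, the script checks that the PID file holds a single integer, that the PID is not 1, and that the running process with that PID actually has the expected command name. The pidfile path, the function names and the expected command name `tinyproxy` are assumptions made for this example; the test below uses a `sleep` process as a stand-in for the daemon.

```shell
#!/bin/sh
# Added example (not Tinyproxy's or Gentoo's own code): a hardened stand-in for
#   kill `cat /run/tinyproxy/tinyproxy.pid`
# run from a root-owned script, when the PID file may have been written by the
# unprivileged account the daemon runs as.

# check_pidfile_target PIDFILE EXPECTED_COMM
#   Prints the PID and returns 0 only when PIDFILE holds a single integer PID,
#   that PID is greater than 1, a process with that PID exists, and its command
#   name (ps comm) equals EXPECTED_COMM. Returns 1 otherwise.
check_pidfile_target() {
    pidfile=$1
    expected=$2

    [ -f "$pidfile" ] || { echo "pidfile missing: $pidfile" >&2; return 1; }

    # Only the first line counts; strip whitespace so "1234\n" is accepted.
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')

    # Reject empty content and anything that is not purely digits
    # (e.g. "1 2 3", "-1", or shell metacharacters).
    case $pid in
        ''|*[!0-9]*) echo "pidfile content is not a PID: '$pid'" >&2; return 1 ;;
    esac

    # Never signal init; a tampered PID file pointing at PID 1 is a classic abuse.
    [ "$pid" -gt 1 ] || { echo "refusing to signal PID $pid" >&2; return 1; }

    # Look up the command name of the live process (ps comm, trimmed of padding).
    comm=$(ps -o comm= -p "$pid" 2>/dev/null | sed 's/^ *//;s/ *$//')
    [ -n "$comm" ] || { echo "no process with PID $pid" >&2; return 1; }

    # The PID must belong to the daemon we intend to stop, not an arbitrary process.
    [ "$comm" = "$expected" ] || { echo "PID $pid is '$comm', not '$expected'" >&2; return 1; }

    printf '%s\n' "$pid"
}

# safe_stop PIDFILE EXPECTED_COMM
#   Sends SIGTERM only after check_pidfile_target has validated the target.
safe_stop() {
    pid=$(check_pidfile_target "$1" "$2") || return 1
    kill -TERM "$pid"
}

# Typical use from an init or stop script (path is an assumed example):
# safe_stop /run/tinyproxy/tinyproxy.pid tinyproxy
```

The command-name check limits what a tampered PID file can reach: an attacker controlling the file can at most point the script at another process whose command name is also `tinyproxy`, rather than at any process on the host. Checking that the PID file itself is root-owned and not group/world-writable is a further step worth adding where the platform's `stat` flags are known.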
The patch has been merged in upstream. Please bump.
Gentoo Security Padawan
Bumped to 1.10.0
@maintainer, please let us know when you want to stabilize.
We can stabilize this any time
@arches, please stabilize.
The bug has been referenced in the following commit(s):
Author: Tobias Klausmann <firstname.lastname@example.org>
AuthorDate: 2018-11-27 16:00:55 +0000
Commit: Tobias Klausmann <email@example.com>
CommitDate: 2018-11-27 16:00:55 +0000
net-proxy/tinyproxy-1.10.0-r1: alpha stable
Signed-off-by: Tobias Klausmann <firstname.lastname@example.org>
net-proxy/tinyproxy/tinyproxy-1.10.0-r1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Stable on alpha.
Tree is now clean.