reassign 482476 apt 0.7.11
title Security: Symlink traversal in GetLock() can truncate arbitrary files
thanks

Since the function at fault is in apt's libapt-pkg, not aptitude itself, reassigning to APT. See below for bug description. I am currently testing a patch for this and will follow up shortly.

On Thu, May 22, 2008 at 11:19:07PM -0400, Bryan Donlan wrote:
> Package: aptitude
> Version: 0.4.11.2-1
> Severity: serious
>
> Since /var/lock is installed with mode 1777 on Debian systems, if
> /var/lock/aptitude does not yet exist, a normal user can symlink it to an
> arbitrary location on the filesystem. Aptitude then attempts to open
> this file with mode O_TRUNC, allowing an ordinary user to truncate an
> arbitrary file on the filesystem the next time the system administrator
> opens aptitude.
>
> Aptitude should use O_NOFOLLOW on the open call in question to avoid
> inadvertent truncation.
>
> -- Package-specific info:
> aptitude 0.4.11.2 compiled at Apr 12 2008 04:21:26
> Compiler: g++ 4.2.3 (Debian 4.2.3-3)
> Compiled against:
>   apt version 4.6.0
>   NCurses version 5.6
>   libsigc++ version: 2.0.18
>   Ept support enabled.
>
> Current library versions:
>   NCurses version: ncurses 5.6.20080308
>   cwidget version: 0.5.11
>   Apt version: 4.6.0
>   linux-gate.so.1 => (0xb7f38000)
>   libapt-pkg-libc6.7-6.so.4.6 => /usr/lib/libapt-pkg-libc6.7-6.so.4.6 (0xb7e63000)
>   libncursesw.so.5 => /lib/libncursesw.so.5 (0xb7e27000)
>   libsigc-2.0.so.0 => /usr/lib/libsigc-2.0.so.0 (0xb7e21000)
>   libcwidget.so.3 => /usr/lib/libcwidget.so.3 (0xb7d30000)
>   libept.so.0 => /usr/lib/libept.so.0 (0xb7cb8000)
>   libxapian.so.15 => /usr/lib/libxapian.so.15 (0xb7b45000)
>   libz.so.1 => /usr/lib/libz.so.1 (0xb7b30000)
>   libpthread.so.0 => /lib/i686/cmov/libpthread.so.0 (0xb7b18000)
>   libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0xb7a2b000)
>   libm.so.6 => /lib/i686/cmov/libm.so.6 (0xb7a05000)
>   libgcc_s.so.1 => /lib/libgcc_s.so.1 (0xb79f8000)
>   libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb78aa000)
>   libutil.so.1 => /lib/i686/cmov/libutil.so.1 (0xb78a6000)
>   libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb78a2000)
>   /lib/ld-linux.so.2 (0xb7f39000)
> Terminal: screen
> $DISPLAY not set.
> `which aptitude`: /usr/bin/aptitude
> aptitude version information:
>
> aptitude linkage:
>
> -- System Information:
> Debian Release: lenny/sid
>   APT prefers testing
>   APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable')
> Architecture: i386 (i686)
>
> Kernel: Linux 2.6.18.8-domU-linode7 (SMP w/4 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/bash
>
> Versions of packages aptitude depends on:
> ii  apt [libapt-pkg-libc6. 0.7.11             Advanced front-end for dpkg
> ii  libc6                  2.7-10             GNU C Library: Shared libraries
> ii  libcwidget3            0.5.11-1           high-level terminal interface libr
> ii  libept0                0.5.17             High-level library for managing De
> ii  libgcc1                1:4.3.0-3          GCC support library
> ii  libncursesw5           5.6+20080308-1     Shared libraries for terminal hand
> ii  libsigc++-2.0-0c2a     2.0.18-2           type-safe Signal Framework for C++
> ii  libstdc++6             4.3.0-3            The GNU Standard C++ Library v3
> ii  libxapian15            1.0.5-1            Search engine library
> ii  zlib1g                 1:1.2.3.3.dfsg-12  compression library - runtime
>
> Versions of packages aptitude recommends:
> pn  aptitude-doc-en | aptitude-do <none>   (no description available)
> ii  libparse-debianchangelog-perl 1.1.1-2  parse Debian changelogs and output
>
> -- no debconf information
>
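
The following C sketch is an added example, not part of the original message and not apt's GetLock() code or the patch mentioned above. It puts the reported open pattern (O_CREAT with O_TRUNC) next to a hardened open that uses O_NOFOLLOW as the report suggests, and runs both against a constructed symlink in a private temporary directory. The function names, the file mode and the extra fstat() checks are assumptions of this example; Linux open(2) behaviour is assumed.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the report: O_TRUNC hits whatever the path resolves to. */
int open_lock_unsafe(const char *path) {
    return open(path, O_RDWR | O_CREAT | O_TRUNC, 0640);
}

/* Hardened: no symlink in the last component, no truncation, verified inode. */
int open_lock_safe(const char *path) {
    struct stat st;
    int fd = open(path, O_RDWR | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0640);
    if (fd < 0) return -1;  /* ELOOP on Linux when path is a symlink */
    /* Reject anything that is not our own regular file with a single link. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 || st.st_uid != geteuid()) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed: "lock" symlinks to "victim" in a temp dir; returns victim size after opener. */
long victim_size_after(int (*opener)(const char *)) {
    char dir[] = "/tmp/lockdemoXXXXXX", victim[64], lock[64];
    struct stat st;
    long size = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lock, sizeof lock, "%s/lock", dir);
    FILE *f = fopen(victim, "w");
    if (f && fputs("important data\n", f) >= 0 && fclose(f) == 0 &&
        symlink(victim, lock) == 0) {
        int fd = opener(lock);
        if (fd >= 0) close(fd);
        if (stat(victim, &st) == 0) size = (long)st.st_size;
    }
    unlink(lock); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    printf("unsafe: %ld bytes left\n", victim_size_after(open_lock_unsafe));
    printf("safe:   %ld bytes left\n", victim_size_after(open_lock_safe));
    return 0;
}
```

O_NOFOLLOW only covers the final path component, so a lock directory that is not writable by unprivileged users is still the stronger fix where the layout allows it.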