Package: polygen
Version: 1.0.6-7
Severity: critical
Tags: security
Justification: root security hole
/var/lib/dpkg/info/polygen-data.postinst invokes /usr/bin/polygen on all its
/usr/share/polygen/*/*.grm data files to create corresponding .grm.o files.
Unfortunately polygen ignores the umask and creates all these output files
with a mode of 0666.

On Sat, Aug 13, Enrico Zini wrote:
> Oh! That's a bad bug, security-related, critical severity. Could you
> please report it?

Sorry about the delay. I can't see quite how the exploit would work, even as
a "grave" user-versus-user attack, but it smells vaguely of buffer-overflow
risk as well as being a violation of policy 10.9 and generally bad behaviour.

-- System Information:
Debian Release: 3.1
  Architecture: i386 (i586)
Kernel: Linux 2.6.11.hurakan
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)

Versions of packages polygen depends on:
ii  ocaml-base-nox [ocaml-base-no  3.08.3-3  Runtime system for ocaml bytecode

-- no debconf information

-- 
JBR
Ankh kak! (Ancient Egyptian blessing)
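The following is an added illustration of the point in the report above; it is not code from the bug report or from polygen, and it does not show how polygen itself produces the 0666 files. It contrasts the two ways a program can end up with a world-writable file (letting the umask mask the requested 0666, versus forcing the mode after creation), and gives the audit and remedy a sysadmin would run against the data directory. The function names and the temporary .grm.o file names are made up for the example.

```shell
#!/bin/sh
# Added example (not from the bug report or polygen): umask vs forced 0666,
# plus an audit for world-writable files such as the .grm.o files described.

# Portable creation: request 0666 and let the process umask remove bits.
# With umask 022 the kernel creates the file as 0644.
create_honouring_umask() {   # $1 = path to create
    ( umask 022; : > "$1" )
}

# What a program that "ignores the umask" effectively does: it forces the
# mode after creation, so the umask no longer protects the file.
create_ignoring_umask() {    # $1 = path to create
    ( umask 022; : > "$1"; chmod 0666 "$1" )
}

# Octal permission bits of a file; GNU stat first, BSD stat as fallback.
mode_of() {                  # $1 = path
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Audit: regular files under a directory that any user can write to.
# -perm -002 is the POSIX spelling of "other-write bit set".
# Run as: find_world_writable /usr/share/polygen
find_world_writable() {      # $1 = directory to scan
    find "$1" -type f -perm -002
}

# Remedy for files the audit found: drop the other-write bit only,
# leaving owner/group permissions as they were.
fix_world_writable() {       # $1 = directory to fix
    find "$1" -type f -perm -002 -exec chmod o-w {} +
}
```

The audit is the check worth running after installing the package: with the bug present, `find_world_writable /usr/share/polygen` lists every generated `.grm.o` file, and `fix_world_writable` removes the world-write bit without touching the rest of the mode. Note that the fix only treats the symptom; the files are regenerated by the postinst, so the real fix belongs in polygen's file creation.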