On Mon, Aug 29, 2005 at 01:44:42PM +0200, Enrico Zini wrote:
> > On Sat, Aug 13, Enrico Zini wrote:
> > > Oh!  That's a bad bug, security-related, critical severity.  Could you
> > > please report it?
>
> > Sorry about the delay.  I can't see quite how the exploit would
> > work, even as a "grave" user-versus-user attack, but it smells
> > vaguely of buffer-overflow risk as well as being a violation of
> > policy 10.9 and generally bad behaviour.
>
> Thanks for reporting.  I pinged upstream pointing him at the report, I
> hope he gets back to me quickly.
>
> It can surely be used to fill up disk space on a DoS attack.  I don't
> know anything about OCaml's serialisation methods so I can't say if
> this could be exploited to cause a buffer overflow.
>
> In the meantime, the problem seems to be in io.ml, line 65:
>
>   Unix.chmod tmp 0o666;
>
> I've asked upstream if he can see any problems in just removing that
> line.

You probably want some way instead to ensure that such files are created
with 0644 mode if they're system-wide entries created by root; I see that
you've closed this bug with a changelog entry saying to set the umask, but
unless you're also setting the umask at some point there's no guarantee
that the root user's umask is sanely configured, either.

Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/
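The point made in the reply above, shown as an added example that is not part of the original thread or of the package's io.ml: the file is created 0600 and then given an explicit final mode on the open descriptor, so the result is 0644 whatever umask the calling user (root included) happens to have. The names `write_with_mode` and `perm_of`, the temporary-file naming and the sample data are assumptions made for this illustration.

```ocaml
(* Added example, not the package's code.
   Build: ocamlfind ocamlopt -package unix -linkpkg safe_write.ml *)

(* Hypothetical helper: write [data] to [path] with exactly [perm].
   The temp file is opened O_EXCL with 0o600, so it is never group- or
   world-writable while it is being filled; the final mode is then set
   explicitly with fchmod, which the process umask does not affect. *)
let write_with_mode ?(perm = 0o644) path data =
  let tmp = Printf.sprintf "%s.%d.tmp" path (Unix.getpid ()) in
  let fd = Unix.openfile tmp [Unix.O_WRONLY; Unix.O_CREAT; Unix.O_EXCL] 0o600 in
  (try
     Fun.protect ~finally:(fun () -> Unix.close fd) (fun () ->
       ignore (Unix.write_substring fd data 0 (String.length data));
       Unix.fchmod fd perm)
   with e ->
     (* Do not leave a half-written temp file behind on failure. *)
     (try Unix.unlink tmp with Unix.Unix_error _ -> ());
     raise e);
  (* Atomic replace: readers see either the old file or the complete new one. *)
  Unix.rename tmp path

(* Permission bits of an existing file. *)
let perm_of path = (Unix.stat path).Unix.st_perm

let () =
  let dir = Filename.get_temp_dir_name () in
  let name kind mask =
    Filename.concat dir
      (Printf.sprintf "%s-%d-%03o" kind (Unix.getpid ()) mask) in
  List.iter (fun mask ->
      let old = Unix.umask mask in
      let naive = name "naive" mask and safe = name "safe" mask in
      (* Umask-dependent creation: the resulting mode is 0o666 land-not mask,
         so a umask of 000 yields a world-writable file. *)
      Unix.close
        (Unix.openfile naive [Unix.O_WRONLY; Unix.O_CREAT; Unix.O_EXCL] 0o666);
      (* Explicit mode: 0o644 under every umask. Sample data is constructed. *)
      write_with_mode safe "constructed sample entry\n";
      Printf.printf "umask %03o: create(0666) -> %03o, fchmod(0644) -> %03o\n"
        mask (perm_of naive) (perm_of safe);
      Unix.unlink naive;
      Unix.unlink safe;
      ignore (Unix.umask old))
    [0o000; 0o022; 0o077]
```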