Package: live-build
Severity: normal
Version: 1:20170213
Tags: security
User: tails-...@boum.org
Usertags: misc-reported

Hi!

When the config/includes.chroot/etc/resolv.conf file exists in the source tree, it is copied into the rootfs with "cp -a". So for example, if I've cloned a lb config source tree using Git as my user, the resulting live system has a /etc/resolv.conf owned by 1000:1000, and thus writable by the default live user.

Depending on the exact context in which the live system is used, the security impact can be non-existent or rather severe.

Disclaimer: I've only verified this behavior on Tails' patched live-build 2.x. Sorry! But the affected code looks very much the same on the current master branch.

Cheers,
--
intrigeri
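
A pre-build check for the situation reported above, as an added example that is not part of the original message or of live-build: it lists paths in an includes tree that are not owned by the expected uid and, going slightly beyond the report, paths that are world-writable, since "cp -a" preserves mode as well as ownership. The function names and the script name are hypothetical.

```sh
#!/bin/sh
# Added example (not live-build code): audit a tree that gets copied with
# "cp -a", e.g. config/includes.chroot, before building the image.
# Function names are hypothetical.

# list_risky_paths TREE [EXPECTED_UID]
# Prints paths not owned by EXPECTED_UID (default 0, root) and non-symlink
# paths that are world-writable; "cp -a" would preserve both properties.
list_risky_paths() {
    tree=$1
    expected_uid=${2:-0}
    if [ ! -d "$tree" ]; then
        echo "not a directory: $tree" >&2
        return 2
    fi
    find "$tree" \( ! -user "$expected_uid" -o \
        \( ! -type l -perm -0002 \) \) -print
}

# check_tree TREE [EXPECTED_UID]
# Returns 0 if nothing is flagged, 1 if something is, 2 on usage error.
check_tree() {
    risky=$(list_risky_paths "$1" "${2:-0}") || return 2
    if [ -n "$risky" ]; then
        echo "ownership/mode that cp -a would carry into the image:" >&2
        printf '%s\n' "$risky" >&2
        return 1
    fi
    return 0
}

# Stand-alone use: sh audit.sh config/includes.chroot
if [ "$#" -gt 0 ]; then
    check_tree "$@"
fi
```

Run against a Git checkout made as an unprivileged user, the check with the default expected uid of 0 flags every file in the tree, which is the condition the report describes.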