From: The Anarcat
To: Eric Anderson
Cc: FreeBSD Security Issues <freebsd-security@freebsd.org>
Subject: Re: fun with pkg_add
Date: Wed, 21 Nov 2001 14:41:59 -0500
Message-ID: <20011121194159.GA69296@shall.anarcat.dyndns.org>
In-Reply-To: <3BFC025D.36710154@centtech.com>

On Wed Nov 21, 2001 at 01:37:01PM -0600, Eric Anderson wrote:
> The only danger I see is a potential that the user could
> replace the binary with a hacked version, between untarring
> and installing, creating a breach.

Yes. This is what I saw too.

> Other than that, it's the same as a /var/tmp directory almost.

Except that /var/tmp is a "known issue" and admins are generally aware of its vulnerability. Admins surely don't expect their installed packages to be overwritable.

I will open a PR about this.

A.
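The window Eric describes, files sitting in a staging directory that another user can swap between extraction and install, can be closed by staging privately and re-checking before install. The following is an added example of that defensive check, not pkg_add's own code; the package contents and paths are constructed for the walkthrough.

```python
"""Guard the extract-then-install window against file swapping (added example)."""
import hashlib
import io
import os
import shutil
import stat
import tarfile
import tempfile


def make_private_stage():
    # mkdtemp creates the directory mode 0700 and owned by the caller,
    # unlike a shared, world-writable /var/tmp location.
    return tempfile.mkdtemp(prefix="pkgstage.")


def fingerprint_tree(root):
    """SHA-256 of every regular file under root, keyed by relative path."""
    digests = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if stat.S_ISREG(os.lstat(path).st_mode):  # skip symlinks/specials
                with open(path, "rb") as fh:
                    digests[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def verify_stage(root, expected):
    """Refuse to install if the stage is writable by others or its contents changed."""
    st = os.lstat(root)
    if not stat.S_ISDIR(st.st_mode) or st.st_uid != os.getuid():
        return False, "staging directory not owned by installer"
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return False, "staging directory writable by group/other"
    if fingerprint_tree(root) != expected:
        return False, "contents changed since extraction"
    return True, "ok"


def demo():
    """Constructed package: stage it, fingerprint it, then simulate a swap."""
    buf, payload = io.BytesIO(), b"#!/bin/sh\necho hello\n"
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo("bin/hello")
        info.size, info.mode = len(payload), 0o755
        tar.addfile(info, io.BytesIO(payload))
    buf.seek(0)
    stage = make_private_stage()
    with tarfile.open(fileobj=buf, mode="r") as tar:
        tar.extractall(stage)
    expected = fingerprint_tree(stage)          # taken right after extraction
    ok_before, _ = verify_stage(stage, expected)
    with open(os.path.join(stage, "bin", "hello"), "wb") as fh:
        fh.write(b"#!/bin/sh\necho replaced\n")   # someone swapped the binary
    ok_after, reason = verify_stage(stage, expected)
    shutil.rmtree(stage)
    return ok_before, ok_after, reason
```

The recheck must run immediately before the copy into the final location; a check made earlier only moves the window rather than closing it.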