Date:      Wed, 21 Nov 2001 20:38:06 +0100 (CET)
From:      <airot@lazir.toya.net.pl>
To:        The Anarcat <anarcat@anarcat.dyndns.org>
Cc:        FreeBSD Security Issues <FreeBSD-security@FreeBSD.ORG>
Subject:   Re: fun with pkg_add
Message-ID:  <Pine.LNX.4.33.0111212032370.22602-100000@lazir.toya.net.pl>
In-Reply-To: <20011121191808.GD44370@shall.anarcat.dyndns.org>



On Wed, 21 Nov 2001, The Anarcat wrote:

> Hi!
>
> I just noticed something that could be a problem with pkg_add
> algorithms. When it installs a package, it first untars it in a
> temporary directory. The problem is that the subdirectories of the
> package created this way are world-writable:
>
> $ ftp -a ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/All/auctex-10.0g.tgz
> $ pkg_add auctex-10.0g.tgz
> ^Z
^Z is SIGTSTP; it suspends processes. There is a very small possibility that
our 'attacker' will change something when you are installing a package. ;-)
I didn't check the /var/tmp/inst* directory permissions, but I guess it's
impossible to exploit this security issue.

Regards.
airot...
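Added example, not code from this thread or from pkg_add itself: a small sh audit for a staging directory like the /var/tmp/inst* tree mentioned above. It checks whether the top-level directory is closed to other users (in which case world-writable subdirectories inside it stay unreachable while the install is suspended) and lists any world-writable entries below it; the staging tree it builds is constructed for the demonstration.

```shell
#!/bin/sh
# Audit of a package staging directory (constructed example, not
# pkg_add's own code). Two checks are made:
#   1. is the top-level staging directory closed to "others", so that
#      world-writable subdirectories inside it cannot be reached by
#      another local user during the install window;
#   2. which entries below it are world-writable at all.

# Exit 0 when "others" have no r/w/x access to the directory itself.
# Parses the ls -ld mode string, which is portable across BSD and GNU.
staging_is_private() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in
        d??????---) return 0 ;;
        *)          return 1 ;;
    esac
}

# Exit 0 (and print the paths) when any entry below $1 is world-writable.
has_world_writable() {
    find "$1" -perm -0002 -print | grep .
}

# Build a constructed staging tree that reproduces the report: a private
# top-level directory (mktemp -d creates it 0700) holding a
# world-writable package subdirectory. Prints the path of the tree.
make_staging() {
    top=$(mktemp -d "${TMPDIR:-/tmp}/inst.XXXXXX") || return 1
    mkdir -p "$top/pkg/share/auctex" || return 1
    chmod 0777 "$top/pkg/share"   # the condition described in the thread
    echo "$top"
}

# Stand-alone run: build the tree, audit it, clean up.
top=$(make_staging) || exit 1
if staging_is_private "$top"; then
    echo "$top: top-level directory is private"
else
    echo "$top: top-level directory is reachable by other users"
fi
echo "world-writable entries under $top:"
has_world_writable "$top" || echo "(none)"
rm -rf "$top"
```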

