From owner-freebsd-security Wed Nov 21 11:41:53 2001
Date: Wed, 21 Nov 2001 20:38:06 +0100 (CET)
To: The Anarcat
Cc: FreeBSD Security Issues
Subject: Re: fun with pkg_add
In-Reply-To: <20011121191808.GD44370@shall.anarcat.dyndns.org>

On Wed, 21 Nov 2001, The Anarcat wrote:

> Hi!
>
> I just noticed something that could be a problem with pkg_add
> algorithms. When it installs a package, it first untars it in a
> temporary directory. The problem is that the subdirectories of the
> package created this way are world-writable:
>
> $ ftp -a ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/All/auctex-10.0g.tgz
> $ pkg_add auctex-10.0g.tgz
> ^Z

^Z is SIGTSTP; it suspends processes. There is a very small possibility that our 'attacker' will change something while you are installing a package. ;-)

I didn't check the /var/tmp/inst* directory permissions, but I guess it's impossible to exploit this security issue.

Regards.
airot...

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
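The staging problem discussed in this thread, shown as an added example that is not pkg_add's own code: a demo tarball with a world-writable subdirectory is extracted once with archive modes preserved (the reported situation) and once into a private staging directory with group/world write stripped, and a small audit counts what is left world-writable. All function names, paths and the demo archive are constructed here.

```shell
#!/bin/sh
# Added example (not pkg_add's own code): compare staging a package tarball
# with archive permissions preserved against staging it in a private
# directory with group/world write stripped, then audit the result.
# Function names, paths and the demo archive are constructed for this demo.

# Build a demo tarball whose subdirectory is world-writable, as in the report.
make_demo_archive() {
    work=$(mktemp -d "${TMPDIR:-/tmp}/pkgdemo.XXXXXX") || return 1
    mkdir "$work/pkg" "$work/pkg/sub" || return 1
    printf 'demo\n' > "$work/pkg/sub/file"
    chmod 777 "$work/pkg/sub"
    tar -cf "$work/pkg.tgz" -C "$work" pkg || return 1
    printf '%s\n' "$work/pkg.tgz"
}

# Naive staging: -p keeps the modes recorded in the archive, so a 0777
# subdirectory stays 0777 in the temporary tree, whoever runs the extraction.
naive_stage() {
    stage=$(mktemp -d "${TMPDIR:-/tmp}/inst.XXXXXX") || return 1
    tar -xpf "$1" -C "$stage" || return 1
    printf '%s\n' "$stage"
}

# Hardened staging: the directory comes from mktemp -d (mode 0700), a 077
# umask covers entries tar creates for an unprivileged user, and chmod -R go-w
# covers the case where tar runs as root and preserves archive modes anyway.
safe_stage() {
    stage=$(mktemp -d "${TMPDIR:-/tmp}/inst.XXXXXX") || return 1
    ( umask 077 && tar -xf "$1" -C "$stage" ) || return 1
    chmod -R go-w "$stage" || return 1
    printf '%s\n' "$stage"
}

# Audit helper: number of entries under a tree with the world-write bit set.
count_world_writable() {
    find "$1" -perm -002 | wc -l | tr -d ' '
}
```

Run `count_world_writable` on the tree returned by each staging function; the naive tree reports the 0777 subdirectory, the hardened tree reports zero.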