Date: Sun, 10 Nov 2002 10:11:51 +1100 From: Joshua Goodall <joshua@roughtrade.net> To: jdp@freebsd.org Cc: security@freebsd.org Subject: Security issue in net/cvsup-mirror port Message-ID: <20021109231151.GF33758@roughtrade.net>
next in thread | raw e-mail | index | archive | help
Hi, Better not to file a PR for this, I feel. I was just passing by net/cvsup-mirror/files/cvsupd.sh when I noticed that it appends to the fixed-name file /var/tmp/cvsupd.out Therefore if I were a malicious user, I could make a symlink of that name in /var/tmp to effect arbitrary file corruption. If I was really clever, I might point it at /root/.ssh/authorized_keys and use secondary means to get cvsupd's output to include my public key. Consider changing it to /var/log/cvsupd.out ? Regards, Joshua. -- Joshua Goodall joshua@roughtrade.net "Your byte hit ratio is weak, old man" "If you cache me now, I will dump more core than you can possibly imagine" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021109231151.GF33758>