Date: Wed, 21 Nov 2001 20:38:06 +0100 (CET)
From: <airot@lazir.toya.net.pl>
To: The Anarcat <anarcat@anarcat.dyndns.org>
Cc: FreeBSD Security Issues <FreeBSD-security@FreeBSD.ORG>
Subject: Re: fun with pkg_add
Message-ID: <Pine.LNX.4.33.0111212032370.22602-100000@lazir.toya.net.pl>
In-Reply-To: <20011121191808.GD44370@shall.anarcat.dyndns.org>
On Wed, 21 Nov 2001, The Anarcat wrote:

> Hi!
>
> I just noticed something that could be a problem with pkg_add
> algorithms. When it installs a package, it first untars it in a
> temporary directory. The problem is that the subdirectories of the
> package created this way are world-writable:
>
> $ ftp -a ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/All/auctex-10.0g.tgz
> $ pkg_add auctex-10.0g.tgz
> ^Z

^Z is SIGTSTP; it suspends processes. There is a very small possibility that
our 'attacker' will change something while you are installing a package. ;-)

I didn't check the /var/tmp/inst* directory permissions, but I guess it's
impossible to exploit this security issue.

Regards.

airot...
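The point under discussion is whether the staging directory that pkg_add unpacks into (the /var/tmp/inst* directories mentioned above) leaves world-writable entries behind while the install is in progress. The script below is an added example for checking that on a system, not code from the thread or from pkg_add itself; the function names, the constructed directory tree and the `inst.XXXXXX` naming are assumptions for illustration. It audits a staging directory for anything writable by "other", and shows how to run an unpack step under a restrictive umask so the directories are private from the moment they are created rather than fixed up afterwards.

```shell
#!/bin/sh
# Added example (not from the thread or from pkg_add): audit a package
# staging directory for world-writable entries, and run an unpack step so
# that nothing it creates is world-writable in the first place.
#
# Usage:
#   audit_staging_dir /var/tmp/inst.XXXXXX
#   run_with_private_umask tar xzf auctex-10.0g.tgz -C /var/tmp/inst.XXXXXX

# Print every entry below $1 that grants write permission to "other".
# Returns 0 when nothing is world-writable, 1 when something is, 2 on bad input.
audit_staging_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # -perm -002 (octal "other: write") is accepted by both BSD and GNU find;
    # the symbolic -o+w form is not portable. -mindepth 1 skips $dir itself.
    hits=$(find "$dir" -mindepth 1 -perm -002 -print)
    if [ -n "$hits" ]; then
        printf 'world-writable entries under %s:\n%s\n' "$dir" "$hits"
        return 1
    fi
    return 0
}

# Run a command (for example the tar extraction into the staging directory)
# in a subshell with umask 077, so every file and directory it creates is
# owner-only. The caller's umask is untouched because the change happens in
# the subshell.
run_with_private_umask() {
    ( umask 077; "$@" )
}

# Demonstration on a constructed tree (not real package contents): one
# subdirectory deliberately created mode 777, one created correctly.
demo() {
    root=$(mktemp -d "${TMPDIR:-/tmp}/inst.XXXXXX")
    mkdir -m 777 "$root/leaky"
    mkdir -m 755 "$root/ok"
    audit_staging_dir "$root" && echo "unexpected: audit found nothing"
    chmod 755 "$root/leaky"
    audit_staging_dir "$root" && echo "after chmod: clean"
    run_with_private_umask mkdir "$root/private"
    ls -ld "$root/private"
    rm -rf "$root"
}
```

The audit is only a snapshot: a directory that is world-writable for the duration of an unpack is the condition the original post describes, and a check run after pkg_add has finished will not see it. Running the extraction itself under a private umask removes that window instead of detecting it.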