[Pkg-citadel-devel] Bug#496359: The possibility of attack with the help of symlinks in some Debian packages

Moritz Muehlenhoff jmm at inutil.org
Tue Aug 26 20:59:28 UTC 2008


tags 496359 confirmed patch
thanks

Dmitry E. Oboukhov wrote:
> Package: citadel-server
> Severity: grave
> 
> Hi, maintainer!
> 
> In some packages I've discovered scripts with errors which may be used
> by a user for damaging important system files or user's files.

This can indeed be used for symlink attacks during the postinst phase;
the attached patch fixes it.

Cheers,
        Moritz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: citadel-tmp.diff
Type: text/x-diff
Size: 848 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-citadel-devel/attachments/20080826/bdddd425/attachment.diff 

