[Pkg-clamav-devel] Bug#606543: clamav-freshclam: affected by privilege escalation vulnerability in logrotate
Olaf van der Spek
olafvdspek at gmail.com
Fri Dec 10 09:12:50 UTC 2010
On Fri, Dec 10, 2010 at 9:43 AM, Michael Tautschnig <mt at debian.org> wrote:
>> These lines from this package's maintainer scripts suggest that it likely
>> is affected by the vulnerability:
>>
>> ---------------------------------------------------------------------------
>> chmod 640 $FRESHCLAMLOGFILE
>> chown "$dbowner":adm $FRESHCLAMLOGFILE
>> ---------------------------------------------------------------------------
>>
>
> What is wrong about these two lines? And even from ...
It suggests the daemon itself creates the file. Copytruncate suggests
logrotate also creates the file.
Logrotate runs as root, so if the attacker (running as daemon user)
creates the symlink, logrotate might overwrite an arbitrary file (I
guess).
Olaf
More information about the Pkg-clamav-devel
mailing list