Bug#455600: system-tools-backends: unsafe creation of PIDDIR
Michael Biebl
biebl at debian.org
Tue Dec 11 01:31:47 UTC 2007
Package: system-tools-backends
Version: 2.2.1-4
Severity: important
Tags: security
/etc/dbus-1/event.d/70system-tools-backends
contains this shell code:
if [ ! -d $PIDDIR ]; then
mkdir -p $PIDDIR
fi
but PIDDIR is nowhere defined in the shell script.
This is potentially dangerous, if PIDDIR is defined in the environment.
Michael.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (300, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.23.9
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages system-tools-backends depends on:
ii adduser 3.105 add and remove users and groups
ii libc6 2.7-4 GNU C Library: Shared libraries
ii libdbus-1-3 1.1.2-1 simple interprocess messaging syst
ii libdbus-glib-1-2 0.74-1 simple interprocess messaging syst
ii libglib2.0-0 2.14.4-2 The GLib library of C routines
ii libnet-dbus-perl 0.33.5-1 Perl extension for the DBus messag
system-tools-backends recommends no packages.
-- no debconf information
More information about the pkg-gnome-maintainers
mailing list