[DRE-maint] Bug#736958: [oss-security] CVE request: temporary file issue in Passenger rubygem

Raphael Geissert geissert at debian.org
Wed Jan 29 14:02:07 UTC 2014


On 29 January 2014 09:57, Raphael Geissert <geissert at debian.org> wrote:
[...]
> One thing to notice, however, is that there's a race condition between
> the stat check introduced in 34b1087870c2.
> The following sequence still triggers the bogus behaviour:
>
> <user> mkdir $dir
> <phusion> lstat() (getFileTypeNoFollowSymlinks)
> <user> rmdir $dir
> <user> ln -s /target $dir
> <phusion> stat() (from verifyDirectoryPermissions)
> ...

Upstream has now fixed this with the following commit (basically using
the structure from lstat() for the two checks):
https://github.com/phusion/passenger/commit/94428057c602da3d6d34ef75c78091066ecac5c0

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
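As an added illustration (not the page's or Passenger's code; every function and variable name below is an assumption for this example), the following C program reproduces the check-then-check pattern quoted above: a type check done with lstat() and a permission check done with a second stat() that follows symlinks, so the two decisions can describe two different filesystem objects. Beside it is the approach the mail attributes to the upstream commit, one lstat() whose struct feeds both checks, and a further variant that opens the directory with O_NOFOLLOW|O_DIRECTORY and checks the descriptor, which also closes the window between the checks and the later use of the path. The `between` callback stands in for the other process's window, and the fixture replays the mkdir/rmdir/ln -s sequence from the quoted message on a constructed scratch tree under /tmp.

```c
/* Hypothetical illustration of the lstat()/stat() race and its fix.
 * Names are assumptions for this example, not Passenger's own code. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Example policy: a directory that is neither group- nor world-writable. */
static int dir_perms_ok(const struct stat *st) {
    return S_ISDIR(st->st_mode) && (st->st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Racy: type check via lstat(), permission check via a second stat() that
 * follows symlinks.  `between` models the window in which another process
 * can replace the path; `seen` receives the inode the permission check
 * actually evaluated. */
int check_dir_racy(const char *path, void (*between)(void *), void *arg, ino_t *seen) {
    struct stat st_type, st_perm;
    if (lstat(path, &st_type) != 0 || !S_ISDIR(st_type.st_mode)) return 0;
    if (between) between(arg);
    if (stat(path, &st_perm) != 0) return 0;   /* may now describe a symlink target */
    if (seen) *seen = st_perm.st_ino;
    return dir_perms_ok(&st_perm);
}

/* Fixed in the spirit of the upstream commit: one lstat(), both checks on the
 * same struct, so both decisions describe the same filesystem object. */
int check_dir_fixed(const char *path, void (*between)(void *), void *arg, ino_t *seen) {
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISDIR(st.st_mode)) return 0;
    if (between) between(arg);                 /* nothing re-reads the path here */
    if (seen) *seen = st.st_ino;
    return dir_perms_ok(&st);
}

/* Stronger variant: open without following symlinks and check the descriptor;
 * whatever later uses the fd cannot be redirected by a path swap. */
int open_checked_dir(const char *path) {
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    struct stat st;
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !dir_perms_ok(&st)) { close(fd); return -1; }
    return fd;
}

/* Constructed fixture: a private 0700 directory and a separate 0755 "target";
 * swap_for_symlink() replays the rmdir + ln -s step from the quoted sequence. */
struct fixture { char base[64]; char dir[96]; char target[96]; };

int fixture_create(struct fixture *f) {
    strcpy(f->base, "/tmp/toctou-XXXXXX");
    if (!mkdtemp(f->base)) return -1;
    snprintf(f->dir, sizeof f->dir, "%s/dir", f->base);
    snprintf(f->target, sizeof f->target, "%s/target", f->base);
    if (mkdir(f->dir, 0700) != 0 || chmod(f->dir, 0700) != 0) return -1;
    if (mkdir(f->target, 0755) != 0 || chmod(f->target, 0755) != 0) return -1;
    return 0;
}

void swap_for_symlink(void *arg) {
    struct fixture *f = arg;
    rmdir(f->dir);
    symlink(f->target, f->dir);
}

ino_t inode_of(const char *path) {
    struct stat st;
    return lstat(path, &st) == 0 ? st.st_ino : 0;
}

void fixture_destroy(struct fixture *f) {
    unlink(f->dir); rmdir(f->dir); rmdir(f->target); rmdir(f->base);
}

int main(void) {
    struct fixture f;
    ino_t seen = 0;
    if (fixture_create(&f) != 0) return 1;
    int ok = check_dir_racy(f.dir, swap_for_symlink, &f, &seen);
    printf("racy check: accepted=%d, evaluated inode %lu (target is %lu)\n",
           ok, (unsigned long)seen, (unsigned long)inode_of(f.target));
    printf("fd-based check on the swapped path: %d\n", open_checked_dir(f.dir));
    fixture_destroy(&f);
    return 0;
}
```

The observable difference is which inode the permission check evaluated: the racy version ends up judging the symlink target while its type check judged the original directory, whereas the single-struct version judges one object. The descriptor-based variant refuses the swapped path outright because O_NOFOLLOW fails on a symlink.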
