[Pkg-utopia-maintainers] Bug#726645: dbus: tiger reports vulnerability with dbus-daemon-launch-helper

Simon McVittie smcv at debian.org
Fri Oct 18 08:31:52 UTC 2013


On 17/10/13 17:43, Ian Bolton wrote:
> The tiger script check_suid does the equivalent of:
> 
> strings dbus-daemon-launch-helper | grep -E '\.\./'
...
> ../../dbus/dbus-connection.c
> ../../dbus/dbus-errors.c
> ../../dbus/dbus-message.c
> ../../dbus/dbus-pending-call.c
> ../../dbus/dbus-signature.c
> ../../dbus/dbus-watch.c
> ../../dbus/dbus-bus.c
> ../../dbus/dbus-server.c

This tool is presumably looking for attempts to read, write or execute
relative paths. This output looks very much like a false positive: the
strings appear in debug or warning messages to identify the module
emitting the message.

    S
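
As an added example (not part of the original message, and not tiger's own code), this shell function triages the output of the check quoted above. It separates bare source-file paths like those listed from other `../` strings that still deserve a manual look. The function name `triage_dotdot` and the list of source extensions are assumptions.

```shell
#!/bin/sh
# Added example: triage `strings BINARY | grep -E '\.\./'` style findings.
# Usage (BINARY is a placeholder): strings BINARY | triage_dotdot
#
# Heuristic (an assumption, not tiger's logic): a string that consists ONLY of
# a ../-prefixed path ending in a C/C++ source or header extension is treated
# as an embedded source-file name, as in the report above. Any other string
# containing ../ is printed for manual review.

triage_dotdot() {
    # No backslashes in the pattern, so awk -v does not reinterpret escapes.
    pat='^([.][.]/)+[A-Za-z0-9_.+/-]+[.](c|h|cc|cpp|hpp)$'

    # Same selection as the quoted check, then classify each hit.
    grep -E '\.\./' | awk -v pat="$pat" '
        $0 ~ pat { src++; next }                 # bare source-file path
        { review++; print "REVIEW: " $0 }        # anything else with ../
        END {
            printf "source-file names: %d, needs review: %d\n", src + 0, review + 0
        }
    '
}
```

A string that merely mentions a `.c` path inside a longer message is not matched by the whole-line pattern, so it still lands in the review list.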


