Bug#287601: vdradmin: Vdradmin.pl script vulnerable to symlink attacks
Wed, 29 Dec 2004 23:54:08 +0000
I demand that Thomas Schmidt may or may not have written...
> * Javier Fern=E1ndez-Sanguino Pe=F1a schrieb am 29.12.04, um 00:41 Uhr:=
>> The vdradmin.pl script does not protect itself from temporary file att=
>> since it creates several temporary files in an insecure manner
>> (/tmp/vdradmin+time, /tmp/vdr.jpg). The script does not check if the
>> temporary files tries to use already exist before using them. The atta=
>> patch (untested) tries to fix this issue.
> I am aware of this issue, and i allready prepared a version of vdradmin=
> with a small workaround - i moved the directory where the tmp-files are=
> stored to /var/cache/vdradmin/. I will ask my sponsor to upload it soon=
> Btw: I can not find your patch! ;-)
> I will also forward this to the upstream authors.
FWIW, I've posted a reference to this bug report on the VDR mailing list.=
>> I believe that the vdr sources should be reviewed to make sure that an=
>> daemon running as root cannot compromise the whole system (there are n=
>> checks for symlink attacks in the fopen calls). It should be worthwhil=
>> trying to make the daemon work as a non-root user. I will file this as=
>> separate bug referencing this one, however.
> Well, i was not aware of this issue (at least that vdr itself is affect=
> but in theory it is possible to run vdr as normal user,
s/in theory// - I'm running vdr 1.3.17 as non-root.
> it only needs a small patch to make it possible that vdr can set the
> system-time. The only problem is that changing this would require a lot=
> code in the maintainer scripts - patches for this would be very wellcom=
Have a look at the .diff.gz for my vdr package :-)
| Darren Salt | nr. Ashington, | linux (or ds) at
| woody, sarge, | Northumberland | youmustbejoking
| RISC OS | Toon Army | demon co uk
| Retrocomputing: a PC card in a Risc PC
Do like all smart motorists. Choose Crelm toothpaste!