lists.zerezo.com
***BOGO*** Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages
- Date: Mon, 11 Aug 2008 10:57:56 +0400
- From: "Dmitry E. Oboukhov" <dimka@xxxxxx>
- Subject: ***BOGO*** Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages
Package: mplayer nws ppp twiki
Severity: grave
Tags: security

This message about the error concerns a few packages at once. I've
tested all the packages on my Debian mirror. (post|pre)(inst|rm) and
config scripts were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files.

For example, if a script uses in its work a temp file which is created
in the /tmp directory, then every user can create a symlink with the
same name in this directory in order to destroy or rewrite some system
file.

I set the Severity to grave for this bug. The table of discovered
problems is below.

+------------------+-----------------+----------------------------------
| package          | script          | file for attack
+------------------+-----------------+----------------------------------
| mplayer-1.0~rc2  | config          | /tmp/HACK (pipe)
|                  |                 |
| nws-2.13         | postinst        | /tmp/nws.debug (cp)
|                  |                 |
| ppp-2.4.4rel     | postinst        | /tmp/probe-finished (rm -f, pipe)
|                  | postinst        | /tmp/ppp-errors (rm -f, pipe)
| ppp-udeb         | /etc/ppp/ip-up  | /tmp/resolv.conf.tmp (cp)
|                  |                 |
| twiki-4.1.2      | postinst        | /tmp/twiki (chmod 1777, chown)
+------------------+-----------------+----------------------------------
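
The failure mode described in the message, beside the usual `mktemp` fix, as an added example that is not part of the original post or of any of the listed packages. The file names `pkg.debug` and `important.conf` and all function names are constructed for illustration, and a private scratch directory stands in for /tmp.

```shell
#!/bin/sh
# Added illustration: fixed temp-file name vs. mktemp in a maintainer-style
# script. All names are hypothetical; nothing outside a private scratch
# directory is touched.

# Pattern from the table: a fixed, predictable name. The ">" redirection
# follows a symlink that already exists at that path.
write_log_unsafe() {    # $1 = temp directory, $2 = text to write
    echo "$2" > "$1/pkg.debug"
}

# Hardened form: mktemp creates a new file exclusively (it fails rather than
# reusing an existing path) with an unpredictable suffix and mode 0600.
# A real script would also remove "$tmp" in a trap on exit.
write_log_safe() {      # $1 = temp directory, $2 = text to write
    tmp=$(mktemp "$1/pkg.XXXXXX") || return 1
    echo "$2" > "$tmp"
    echo "$tmp"
}

# Regression check: run a writer in a directory where the predictable name
# is already a symlink to another file, then report whether that file
# survived. Prints "intact" or "clobbered".
check_writer() {        # $1 = name of the writer function to test
    scratch=$(mktemp -d) || return 1
    echo "original" > "$scratch/important.conf"
    ln -s "$scratch/important.conf" "$scratch/pkg.debug"
    "$1" "$scratch" "debug output" > /dev/null
    if [ "$(cat "$scratch/important.conf")" = "original" ]; then
        result=intact
    else
        result=clobbered
    fi
    rm -rf "$scratch"
    echo "$result"
}

echo "fixed name: $(check_writer write_log_unsafe)"
echo "mktemp:     $(check_writer write_log_safe)"
```

Where a script needs a whole working directory rather than one file, `mktemp -d` gives the same guarantee for the directory itself.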