The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


A security-related bug in RPM


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
X-RDate: Mon, 29 Dec 1997 09:56:58 +0500 (ESK)
Date: Sat, 27 Dec 1997 21:04:59 +0300
From: Savochkin Andrey Vladimirovich <[email protected]>
To: [email protected]
Subject: A security-related bug in RPM

[To the moderator: I already sent a letter about this bug. But I think
my previous explanation of the bug wasn't clear. So the second try :-)]

RPM (RedHat package manager) has a command-line option
to fix file permissions and ownership
according to ones specified in the package database.

Unfortunately the implementation of this option is buggy.
The bug can cause changing permissions of certain files
to 0777 (which means writable-to-everyone files).

I recommend to all people using RPM do not run "rpm --setperms"
or "rpm --setugids" until the bug be fixed.
And I recommend to everybody who doesn't sure that neither he by his hands nor
any scripts on his system never invoked RPM with such options
to verify file permissions on his filesystem.

The nature of the bug seems to allow changing file permissions
only to 0777 so "find / -perm -0777" will find all files with
changed permissions.

Regards,
                                        Andrey V.
                                        Savochkin

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру