[MBT] new ticket for pkg scrollkeeper "symlink attack on temporary files"

bugs at pld.org.pl bugs at pld.org.pl
Thu Jan 9 17:40:00 CET 2003


Date: 2003-01-09 17:39:59+01	Author:  (kreutzm) <kreutzm at itp.uni-hannover.de> 
Title:         symlink attack on temporary files
Ticket ID:     #525
Ticket URL:    http://bugs.pld.org.pl/?bug=525
Package:       scrollkeeper-1:0.2-4
Distribution:  PLD-Ra.main
Category:      security problem
Current state: opened
Text:

From RHSA-2002:186-07:

The scrollkeeper-get-cl command generates temporary files in the /tmp directory.  These files are named scrollkeeper-tempfile.[0-4], and while creating these files scrollkeeper-get-cl follows symbolic links. These files are created when a user logs in to a GNOME session and are created as the user who logged in. This means an attacker with local access can easily create and overwrite files as another user.
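
The file-creation pattern the advisory describes, next to two hardened forms, as an added example that is not part of the ticket and is not scrollkeeper's own code. All function names and the scratch-directory scenario are hypothetical and constructed for illustration; everything runs inside a private directory made with mkdtemp().

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkdtemp, mkstemp, O_NOFOLLOW */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
static int write_fd(int fd, const char *data) {
    if (fd < 0) return -1;                      /* open was refused */
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n < 0 ? -1 : 0;
}
/* Pattern from the advisory: fixed name, open() follows an existing symlink. */
static int write_unsafe(const char *path, const char *data) {
    return write_fd(open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600), data);
}
/* Fixed name, hardened: O_EXCL fails if the name exists, symlinks included. */
static int write_excl(const char *path, const char *data) {
    return write_fd(open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600), data);
}
/* Preferred: mkstemp() picks an unpredictable name and creates it exclusively. */
static int write_mkstemp(char *tmpl, const char *data) {
    return write_fd(mkstemp(tmpl), data);
}
/* Constructed scenario in a private scratch directory: a symlink with the
 * predictable temp name already points at "victim" (10 bytes). Returns the
 * victim's size after the write. mode: 0 unsafe, 1 O_EXCL, 2 mkstemp. */
static long victim_size_after(int mode) {
    char dir[] = "/tmp/sk-demo-XXXXXX", victim[64], lnk[64], tmpl[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/scrollkeeper-tempfile.0", dir);
    snprintf(tmpl, sizeof tmpl, "%s/scrollkeeper-XXXXXX", dir);
    write_unsafe(victim, "important\n");
    if (symlink(victim, lnk) != 0) return -1;
    if (mode == 0) write_unsafe(lnk, "x");
    else if (mode == 1) write_excl(lnk, "x");
    else if (write_mkstemp(tmpl, "x") == 0) unlink(tmpl);
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(lnk); unlink(victim); rmdir(dir);
    return size;
}
int main(void) {
    printf("unsafe=%ld excl=%ld mkstemp=%ld\n", victim_size_after(0),
           victim_size_after(1), victim_size_after(2));
    return 0;
}
```

A victim size of 1 means the write went through the symlink and truncated the target; 10 means the target was left untouched.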



