[Bug 1235975] [NEW] Unsafe file and directory permissions
Jamie Strandboge
jamie at ubuntu.com
Sun Oct 6 14:23:54 UTC 2013
*** This bug is a security vulnerability ***
Public security bug reported:
# ls -ld /var/log/system-image/
drwxrwxrwx 2 root root 4096 Sep 24 16:02 /var/log/system-image/
# ls -l /var/log/system-image/client.log
-rw-rw-rw- 1 root root 23927 Oct 6 09:11 /var/log/system-image/client.log
# ls -ld /tmp/system-image/
drwxrwxrwx 2 root root 260 Oct 6 09:11 /tmp/system-image/
Also, predictable temporary file (/tmp/system-image). This was mentioned
in bug #1233521
# system-image-cli -i
current build number: 78
device name: mako
channel: stable
last update: 2013-10-03 13:05:32
version version: 78
version ubuntu: 20131003
version device: 20131002.1
** Affects: system-image (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to system-image in Ubuntu.
https://bugs.launchpad.net/bugs/1235975
Title:
Unsafe file and directory permissions
Status in “system-image” package in Ubuntu:
New
Bug description:
# ls -ld /var/log/system-image/
drwxrwxrwx 2 root root 4096 Sep 24 16:02 /var/log/system-image/
# ls -l /var/log/system-image/client.log
-rw-rw-rw- 1 root root 23927 Oct 6 09:11 /var/log/system-image/client.log
# ls -ld /tmp/system-image/
drwxrwxrwx 2 root root 260 Oct 6 09:11 /tmp/system-image/
Also, predictable temporary file (/tmp/system-image). This was
mentioned in bug #1233521
# system-image-cli -i
current build number: 78
device name: mako
channel: stable
last update: 2013-10-03 13:05:32
version version: 78
version ubuntu: 20131003
version device: 20131002.1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/system-image/+bug/1235975/+subscriptions
More information about the foundations-bugs
mailing list