security hole in /etc/cron.daily/apport
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Apport |
Fix Released
|
High
|
Martin Pitt | ||
apport (Ubuntu) |
Fix Released
|
Low
|
Jamie Strandboge | ||
Gutsy |
Won't Fix
|
Low
|
Jamie Strandboge | ||
Hardy |
Fix Released
|
Low
|
Jamie Strandboge | ||
Intrepid |
Fix Released
|
Low
|
Jamie Strandboge | ||
Jaunty |
Fix Released
|
Low
|
Jamie Strandboge | ||
apport (openSUSE) |
Fix Committed
|
Undecided
|
Jan Blunck |
Bug Description
That script has:
[ -d /var/crash ] || exit 0
find /var/crash -mindepth 1 -mtime +7 -print0 | xargs -0 rm -f
find /var/crash -mindepth 1 -empty -print0 | xargs -0 rm -f
/var/crash is world writable, so one can create directories in there.
One can for instance create a /var/crash/
I beleive -maxdepth was intended instead of -mindepth. Note that -empty, -mindepth and -maxdepth are not standard (GNU extension also found in some BSD finds).
Maybe a better way to write it:
cd /var/crash &&
find . ! -name . -prune \( -type f -mtime +7 -o -size 0 \) -exec rm -f {} +
(the + above is standard but implies a recent enough version of GNU find)
Changed in apport (Ubuntu Hardy): | |
importance: | Undecided → Low |
assignee: | Ubuntu Security Team (ubuntu-security) → Jamie Strandboge (jdstrand) |
Changed in apport (Ubuntu Intrepid): | |
importance: | Undecided → Low |
assignee: | Ubuntu Security Team (ubuntu-security) → Jamie Strandboge (jdstrand) |
Changed in apport (Ubuntu Gutsy): | |
importance: | Undecided → Low |
assignee: | Ubuntu Security Team (ubuntu-security) → Jamie Strandboge (jdstrand) |
Changed in apport (openSUSE): | |
status: | New → Confirmed |
2009-04-07 13:33:01 -0000, Stephane Chazelas:
[...]
> Maybe a better way to write it:
>
> cd /var/crash &&
> find . ! -name . -prune \( -type f -mtime +7 -o -size 0 \) -exec rm -f {} +
[...]
Sorry, misplaced braces above:
find . ! -name . -prune -type f \( -mtime +7 -o -size 0 \) -exec rm -f {} +
Best regards,
Stephane