[tor-bugs] #2694 [Tor bundles/installation]: Local privilege escalation vulnerability in our rpms
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri Sep 2 13:28:03 UTC 2011
#2694: Local privilege escalation vulnerability in our rpms
--------------------------------------+-------------------------------------
Reporter: arma | Owner: erinn
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor bundles/installation | Version:
Keywords: | Parent:
Points: | Actualpoints:
--------------------------------------+-------------------------------------
Comment(by rransom):
Replying to [comment:4 weasel]:
> Replying to [comment:2 rransom]:
>
> > > That -R will let an attacker who gets control of the _tor user get
control of other files on the system.
> >
> > Not on any system with a recent version of GNU coreutils.
>
> What changed, and when?
From the NEWS file:
{{{
* Major changes in release 5.3.0 (2005-01-08) [unstable]
** Bug fixes
Several fixes to chgrp and chown for compatibility with POSIX and BSD:
Do not affect symbolic links by default.
Now, operate on whatever a symbolic link points to, instead.
To get the old behavior, use --no-dereference (-h).
}}}
> > > The fix is to remove the -R from that line.
> >
> > Or to add the -P option specified in POSIX 2001. (This is the default
behaviour of chown in GNU coreutils 8.5.)
>
> That takes care of symlinks. What about hardlinks?
Hard links are probably still a security hole with my proposed fix.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2694#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list