Debian Bug report logs - #778950
shadow: CVE-2013-4235 symbolic link race condition
Report forwarded to debian-bugs-dist@lists.debian.org, Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>: Bug#778950; Package src:shadow. (Sun, 22 Feb 2015 02:39:06 GMT)
Acknowledgement sent to Michael Gilbert <mgilbert@debian.org>: New Bug report received and forwarded. Copy sent to Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>. (Sun, 22 Feb 2015 02:39:06 GMT)
Message #5 received at submit@bugs.debian.org:
package: src:shadow
severity: normal
tags: security
This issue was disclosed a couple years ago:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235
It isn't very severe, but it is still currently unfixed.
Best wishes,
Mike
Information forwarded to debian-bugs-dist@lists.debian.org, Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>: Bug#778950; Package src:shadow. (Wed, 25 Feb 2015 06:45:05 GMT)
Acknowledgement sent to Serge Hallyn <serge.hallyn@ubuntu.com>: Extra info received and forwarded to list. Copy sent to Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>. (Wed, 25 Feb 2015 06:45:05 GMT)
Message #10 received at 778950@bugs.debian.org:
So it seems like the most robust way to handle this would be to at the top
of remove_tree do something like:
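    fd = open(root, O_RDONLY | O_NOFOLLOW); // open() fails if root is a symlink
    if (fd < 0)
        return -1;
    ret = fstat(fd, &sb);
    if (ret < 0 || S_ISLNK(sb.st_mode)) {
        close(fd);
        return -1; // or unlink it, but warning the admin seems best
    }
    dir = fdopendir(fd);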
Is there another approach?
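
The check sketched in message #10, carried through the whole tree, as an added example that is not part of the bug log and not shadow's code. It goes beyond the sketch by making every lookup relative to an already-open directory descriptor. `safe_remove_tree` and `remove_below` are hypothetical names, and POSIX.1-2008 `*at()` calls are assumed.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Empty the directory open on fd (takes ownership of fd). Every lookup is
 * relative to a held descriptor, so a swapped path component cannot redirect it. */
static int remove_below(int fd)
{
    DIR *dir = fdopendir(fd);
    struct dirent *de;
    struct stat sb;
    int rc = 0;

    if (dir == NULL) { close(fd); return -1; }
    while (rc == 0 && (de = readdir(dir)) != NULL) {
        if (!strcmp(de->d_name, ".") || !strcmp(de->d_name, ".."))
            continue;
        if (fstatat(fd, de->d_name, &sb, AT_SYMLINK_NOFOLLOW) != 0) {
            rc = -1;
        } else if (S_ISDIR(sb.st_mode)) {
            /* If the entry became a symlink after fstatat, O_NOFOLLOW makes openat fail. */
            int sub = openat(fd, de->d_name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
            if (sub < 0 || remove_below(sub) != 0 ||
                unlinkat(fd, de->d_name, AT_REMOVEDIR) != 0)
                rc = -1;
        } else if (unlinkat(fd, de->d_name, 0) != 0) { /* removes a link, never its target */
            rc = -1;
        }
    }
    closedir(dir); /* also closes fd */
    return rc;
}

/* Hypothetical name. Returns -1 without deleting anything if root is a symlink. */
int safe_remove_tree(const char *root)
{
    int fd = open(root, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0 || remove_below(fd) != 0)
        return -1;
    return rmdir(root); /* rmdir() does not follow a symlink either */
}
```
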
Last modified: Wed Jun 19 19:19:07 2019