
Re: [rt.cpan.org #36982]: rmtree() makes symlink targets world-writable

From:
ntyni@debian.org via RT
Date:
June 24, 2008 08:52
Subject:
Re: [rt.cpan.org #36982]: rmtree() makes symlink targets world-writable
Message ID:
rt-3.6.HEAD-20341-1214246659-1811.36982-5-0@rt.cpan.org
       Queue: File-Path
 Ticket <URL: http://rt.cpan.org/Ticket/Display.html?id=36982 >

On Sat, Jun 21, 2008 at 02:11:57AM -0400, Bugs in File-Path via RT wrote:

> as reported in <http://bugs.debian.org/487319>, when rmtree() encounters
> a symlink, it will change the permissions of the link target to the
> permissions of the link, usually 0777.

For the record, this has now been assigned a CVE id:

 Name: CVE-2008-2827
 Status: Candidate
 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2827
 Reference: MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319
 Reference: MISC:http://rt.cpan.org/Public/Bug/Display.html?id=36982

 The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly
 check permissions before performing a chmod, which allows local users
 to modify the permissions of arbitrary files via a symlink attack, a
 different vulnerability than CVE-2005-0448 and CVE-2004-0452.

Sorry about the triplicate report on the p5p list, I wasn't aware the
CPAN ticket submissions get forwarded there too.
-- 
Niko Tyni   ntyni@debian.org
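The failure mode the CVE text describes (a chmod issued on a path that turns out to be a symlink lands on the link target) and the lstat-based check that avoids it, as an added Perl illustration. This is not File::Path's code and not part of the message above; `buggy_pattern` reconstructs the described behaviour rather than quoting the actual rmtree() source, and `safe_remove` is a hypothetical minimal replacement that unlinks symlinks instead of chmod'ing through them. The scratch files and the `target`/`link` names are constructed for the demonstration.

```perl
#!/usr/bin/perl
# Added illustration, not File::Path's own code.
use strict;
use warnings;
use File::Temp qw(tempdir);
use Fcntl ':mode';

# The pattern behind the bug report: the mode is read from the link itself
# (lstat, usually 0777), but chmod() follows the link, so the *target*
# ends up with the link's permissions.
sub buggy_pattern {
    my ($path) = @_;
    my $link_mode = (lstat $path)[2] & 07777;   # mode of the link, typically 0777
    chmod($link_mode, $path);                    # applied to the target, not the link
}

# Hardened pattern: lstat() does not follow symlinks, so a link is
# recognised and removed with unlink(); chmod is never issued on it.
# Directories are recursed into and removed; other entries are unlinked.
sub safe_remove {
    my ($path) = @_;
    my @st = lstat $path or die "lstat $path: $!";
    if (S_ISLNK($st[2])) {
        return unlink $path;        # remove the link only; target untouched
    }
    if (S_ISDIR($st[2])) {
        opendir my $dh, $path or die "opendir $path: $!";
        my @entries = grep { $_ ne '.' && $_ ne '..' } readdir $dh;
        closedir $dh;
        safe_remove("$path/$_") for @entries;
        return rmdir $path;
    }
    return unlink $path;
}

# Demonstration in a throwaway directory (constructed here).
my $dir    = tempdir(CLEANUP => 1);
my $target = "$dir/target";
open my $fh, '>', $target or die "open $target: $!";
close $fh;
chmod 0600, $target;
symlink $target, "$dir/link" or die "symlink: $!";

my $before = (stat $target)[2] & 07777;
buggy_pattern("$dir/link");
my $after = (stat $target)[2] & 07777;
printf "buggy: target mode %04o -> %04o (chmod followed the link)\n",
       $before, $after;

chmod 0600, $target;
safe_remove("$dir/link");
printf "safe:  link removed, target still exists=%d with mode %04o\n",
       (-e $target ? 1 : 0), (stat $target)[2] & 07777;
```

The defensive point is the `S_ISLNK` test on the result of `lstat`, taken before any `chmod`: whatever mode logic a tree-removal routine applies to directories it owns, it must never apply it to a path that is a link, since the kernel resolves the link and the change lands on a file the caller may not control.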