thr3ads.net - Secure testing team - [Secure-testing-team] Bug#683647: logol: creates world writable directory: /var/lib/logol/results [Aug 2012]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Andreas Beckmann

2012-Aug-02 14:04 UTC

[Secure-testing-team] Bug#683647: logol: creates world writable directory: /var/lib/logol/results

Package: logol
Version: 1.5.0-2
Severity: grave
Tags: security
Justification: user security hole
User: debian-qa at lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed that your packages creates a world
writable directory:

    drwxrwxrwx 2 root root 40 Jul  1 21:59 /var/lib/logol/results

There any local user may delete/replace arbitrary files that were not
created by the user himself.


Andreas

Secure testing team - Aug 2012 - Bug#683647: logol: creates world writable directory: /var/lib/logol/results

[Secure-testing-team] Bug#683647: logol: creates world writable directory: /var/lib/logol/results