Tilman Koschnick
2010-Jan-27 19:19 UTC
[Secure-testing-team] Bug#567175: gmetad: creates world read/writable rrd data files
Package: gmetad
Version: 3.1.2-2.1
Severity: grave
Tags: security
Justification: causes non-serious data loss

Hi,

gmetad creates its RRD data files with permissions 666, in world-accessible directories (755), e.g.:

$ ls -ld /var/lib/ganglia/rrds/__SummaryInfo__
drwxr-xr-x 2 nobody root 4096 2010-01-26 23:14 /var/lib/ganglia/rrds/__SummaryInfo__
$ ls -l /var/lib/ganglia/rrds/__SummaryInfo__
total 672
-rw-rw-rw- 1 nobody root 23648 2010-01-26 23:14 boottime.rrd
-rw-rw-rw- 1 nobody root 23648 2010-01-26 23:14 bytes_in.rrd
-rw-rw-rw- 1 nobody root 23648 2010-01-26 23:14 bytes_out.rrd
-rw-rw-rw- 1 nobody root 23648 2010-01-26 23:14 cpu_aidle.rrd
-rw-rw-rw- 1 nobody root 23648 2010-01-26 23:14 cpu_idle.rrd
-rw-rw-rw- 1 nobody root 23648 2010-01-26 23:14 cpu_nice.rrd
[...]

As a result, any local user can not only read the full datasets collected by gmetad (probably not an issue), but can tamper with them or just simply truncate them, causing data loss and denial of service.

A fix would have to take care of newly created files, as well as any files that have previously been created.

Cheers,
Til

-- System Information:
Debian Release: 5.0.3
  APT prefers stable
  APT policy: (500, 'stable'), (400, 'unstable'), (300, 'testing'), (200, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.30-bpo.2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
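The two halves of the fix the report asks for, existing files and future files, as an added example that is not part of the bug report or of the gmetad package: a POSIX sh audit that lists world-writable files under an RRD tree, a remediation that drops the "other" write bit, and a constructed sample tree (not the real /var/lib/ganglia/rrds) mimicking the listing above so it runs offline.

```shell
#!/bin/sh
# Added example (not from the bug report or the gmetad project): audit an
# RRD tree for world-writable files and repair their mode. The tree path is
# a parameter; the sample tree below is constructed for demonstration.

# Print every regular file under $1 whose mode grants "other" write access
# (-perm -0002 matches 666, 622, 602 ... regardless of the other bits).
audit_world_writable() {
    find "$1" -type f -perm -0002 -print | sort
}

# Number of such files, for reporting and for checks.
count_world_writable() {
    audit_world_writable "$1" | wc -l | tr -d ' '
}

# Remediate files that already exist: clear the "other" write bit and leave
# owner/group bits alone (0666 -> 0664). Directories are left as they are;
# the 755 directory in the report is not itself world-writable.
fix_world_writable() {
    find "$1" -type f -perm -0002 -exec chmod o-w {} +
}

# Constructed sample tree modelled on the __SummaryInfo__ listing: four
# files at 666 plus one already at 644, which must not be flagged.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir "$dir/__SummaryInfo__"
    chmod 755 "$dir/__SummaryInfo__"
    for m in boottime bytes_in bytes_out cpu_aidle; do
        : > "$dir/__SummaryInfo__/$m.rrd"
        chmod 666 "$dir/__SummaryInfo__/$m.rrd"
    done
    : > "$dir/__SummaryInfo__/cpu_idle.rrd"
    chmod 644 "$dir/__SummaryInfo__/cpu_idle.rrd"
    printf '%s\n' "$dir"
}

# Future files: a file created with the usual 0666 request ends up as
# 0666 & ~umask, so a daemon running with umask 022 gets 644 rather than
# 666 unless the program chmods explicitly. Returns the resulting mode.
mode_with_umask_022() {
    f=$(mktemp -d)/new.rrd
    (umask 022; : > "$f")
    ls -l "$f" | cut -c1-10
}
```

Running `fix_world_writable` on a tree is idempotent, so it is safe to schedule alongside the daemon until the package itself creates files with a restrictive umask.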