Browse Source

Securely remove newly installed files when rolling-back a failed unpack

When an error occurs during unpack the code is not securely removing
the newly installed files that might be still laying around, which
gives attackers a small window were they could hard link a file with
set id bits. This situation is pretty contrived as the attacked would
need to control the failing of the package during unpack.
Guillem Jover 16 years ago
parent
commit
7738fe5398
2 changed files with 3 additions and 1 deletions
  1. 1 0
      debian/changelog
  2. 2 1
      src/archives.c

+ 1 - 0
debian/changelog

@@ -112,6 +112,7 @@ dpkg (1.15.6) UNRELEASED; urgency=low
     dpkg-deb --info or --field use mkdtemp() to create a temporary directory
     instead of insecure tempnam() or tmpnam() functions.
   * Remove --license and --licence options from tools.
+  * Securely remove newly installed files when rolling-back a failed unpack.
 
   [ Modestas Vainius ]
   * Implement symbol patterns (Closes: #563752). From now on, it is possible to

+ 2 - 1
src/archives.c

@@ -290,7 +290,8 @@ int unlinkorrmdir(const char *filename) {
     errno= e; return -1;
   }
   
-  r= unlink(filename); e= errno;
+  r = secure_unlink(filename);
+  e = errno;
   debug(dbg_eachfiledetail,"unlinkorrmdir `%s' unlink %s",
         filename, r ? strerror(e) : "OK");
   errno= e; return r;