Просмотр исходного кода

Securely remove newly installed files when rolling-back a failed unpack

When an error occurs during unpack the code is not securely removing
the newly installed files that might be still laying around, which
gives attackers a small window were they could hard link a file with
set id bits. This situation is pretty contrived as the attacked would
need to control the failing of the package during unpack.
Guillem Jover лет назад: 16
Родитель
Сommit
7738fe5398
2 измененных файлов с 3 добавлено и 1 удалено
  1. 1 0
      debian/changelog
  2. 2 1
      src/archives.c

+ 1 - 0
debian/changelog

@@ -112,6 +112,7 @@ dpkg (1.15.6) UNRELEASED; urgency=low
     dpkg-deb --info or --field use mkdtemp() to create a temporary directory
     instead of insecure tempnam() or tmpnam() functions.
   * Remove --license and --licence options from tools.
+  * Securely remove newly installed files when rolling-back a failed unpack.
 
   [ Modestas Vainius ]
   * Implement symbol patterns (Closes: #563752). From now on, it is possible to

+ 2 - 1
src/archives.c

@@ -290,7 +290,8 @@ int unlinkorrmdir(const char *filename) {
     errno= e; return -1;
   }
   
-  r= unlink(filename); e= errno;
+  r = secure_unlink(filename);
+  e = errno;
   debug(dbg_eachfiledetail,"unlinkorrmdir `%s' unlink %s",
         filename, r ? strerror(e) : "OK");
   errno= e; return r;