When an error occurs during unpack the code is not securely removing the newly installed files that might be still laying around, which gives attackers a small window were they could hard link a file with set id bits. This situation is pretty contrived as the attacked would need to control the failing of the package during unpack.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||