/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

  • Committer: Teddy Hogeborn
  • Date: 2014-06-08 03:10:08 UTC
  • Revision ID: teddy@recompile.se-20140608031008-mc9bd7b024a3q0y0
Address a very theoretical possible security issue in mandos-client.

If there were to run some sort of "cleaner" process for /run/tmp (or
/tmp), and mandos-client were to run for long enough for that cleaner
process to remove the temporary directory for GPGME, there was a
possibility that another unprivileged process could trick the (also
unprivileged) mandos-client process to remove other files or symlinks
which the unprivileged mandos-client process was allowed to remove.
This is not currently known to have been exploitable, since there are
no known initramfs environments running such cleaner processes.

* plugins.d/mandos-client.c (main): Use O_NOFOLLOW when opening
                                    tempdir for cleaning.
Filename Latest Rev Last Changed Committer Comment Size
..
po 199 16 years ago Teddy Hogeborn * Makefile: Bug fix: fix syntax error. * debian/c Diff
source 452.1.1 14 years ago Teddy Hogeborn * debian/source/format: New; contains "3.0 (quilt) Diff
upstream 678 10 years ago Teddy Hogeborn Fix location and format of signing key file. * de Diff
changelog 237.4.47 10 years ago Teddy Hogeborn * debian/changelog (1.6.5-3): New entry. 16 KB Diff Download File
compat 626 11 years ago Teddy Hogeborn * Makefile (CFLAGS, LDFLAGS): Keep default flags f 2 bytes Diff Download File
control 685 10 years ago Teddy Hogeborn Depend on new enough version of dpkg-dev. * debia 2.6 KB Diff Download File
copyright 659 10 years ago Teddy Hogeborn * debian/copyright: Change year to "2014". * mando 1 KB Diff Download File
mandos-client.dirs 302 15 years ago Teddy Hogeborn * Makefile (install-client-nokey): Move "initramfs 147 bytes Diff Download File
mandos-client.docs 594 12 years ago Teddy Hogeborn * debian/copyright (Copyright): Join the two lines 17 bytes Diff Download File
mandos-client.examples 594 12 years ago Teddy Hogeborn * debian/copyright (Copyright): Join the two lines 16 bytes Diff Download File
mandos-client.links 191 16 years ago Teddy Hogeborn * debian/mandos-client.docs: New. Add README and 93 bytes Diff Download File
mandos-client.lintian-overrides 652 10 years ago Teddy Hogeborn Bug fix from libdir change: make plugins get setui 1.4 KB Diff Download File
mandos-client.postinst 505.1.13 13 years ago Teddy Hogeborn Miscellaneous fixes prompted by lintian: * debian 2 KB Diff Download File
mandos-client.postrm 505.1.13 13 years ago Teddy Hogeborn Miscellaneous fixes prompted by lintian: * debian 1.2 KB Diff Download File
mandos-client.README.Debian 641 11 years ago Teddy Hogeborn Doc fix: Refer to architecture libdir. * debian/m 4 KB Diff Download File
mandos.dirs 639 11 years ago Teddy Hogeborn Bug fix: Make sure systemd service file is install 124 bytes Diff Download File
mandos.docs 423 14 years ago Teddy Hogeborn Documentation changes: * DBUS-API: New file docum 26 bytes Diff Download File
mandos.lintian-overrides 221 16 years ago Teddy Hogeborn * debian/changelog: New Debian revision. * debian 203 bytes Diff Download File
mandos.postinst 690 10 years ago Teddy Hogeborn Fix typo in code comment. * debian/mandos.postins 1.8 KB Diff Download File
mandos.prerm 505.1.13 13 years ago Teddy Hogeborn Miscellaneous fixes prompted by lintian: * debian 875 bytes Diff Download File
mandos.README.Debian 505.1.2 13 years ago Teddy Hogeborn Change "fukt.bsnet.se" to "recompile.se" throughou 445 bytes Diff Download File
File rules 683 10 years ago Teddy Hogeborn Do not run self-tests when building arch-indep Deb 918 bytes Diff Download File
watch 654 10 years ago Teddy Hogeborn Fix running of self-tests. * debian/control (Buil 132 bytes Diff Download File