[tor-bugs] #2694 [Tor bundles/installation]: Local privilege escalation vulnerability in our rpms
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Sun Apr 17 06:58:53 UTC 2011
#2694: Local privilege escalation vulnerability in our rpms
--------------------------------------+-------------------------------------
Reporter: arma | Owner: erinn
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor bundles/installation | Version:
Keywords: | Parent:
Points: | Actualpoints:
--------------------------------------+-------------------------------------
Comment(by rransom):
Replying to [ticket:2694 arma]:
> In tor.spec.in we do
{{{
# Older tor RPMS used a different username for the tor daemon.
# Make sure the runtime data have the right ownership.
%__chown -R %{toruser}.%{torgroup} %{_localstatedir}/{lib,log,run}/%{name}
}}}
>
> That -R will let an attacker who gets control of the _tor user get
control of other files on the system.
Not on any system with a recent version of GNU coreutils.
> The fix is to remove the -R from that line.
Or to add the -P option specified in POSIX 2001. (This is the default
behaviour of chown in GNU coreutils 8.5.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2694#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list