Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request: temporary file issue in Passenger rubygem
From: Raphael Geissert <geissert () debian org>
Date: Wed, 29 Jan 2014 15:02:07 +0100

On 29 January 2014 09:57, Raphael Geissert <geissert () debian org> wrote:
[...]
One thing to notice, however, is that there's a race condition between
the stat check introduced in 34b1087870c2.
The following sequence still triggers the bogus behaviour:

<user> mkdir $dir
<phusion> lstat() (getFileTypeNoFollowSymlinks)
<user> rmdir $dir
<user> ln -s /target $dir
<phusion> stat() (from verifyDirectoryPermissions)
...

Upstream has now fixed this with the following commit (basically using
the structure from lstat() for the two checks):
https://github.com/phusion/passenger/commit/94428057c602da3d6d34ef75c78091066ecac5c0

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault