oss-sec mailing list archives
non-issues in dailyaidecheck script in Debian's packaging of AIDE
From: Solar Designer <solar () openwall com>
Date: Wed, 23 Jul 2025 00:13:28 +0200
Hi,

Ho Ngoc Thien Phu, CC'ed here, reported to linux-distros a couple of ways to abuse "/usr/share/aide/bin/dailyaidecheck (shipped with AIDE 0.19.x in Debian and derivatives)" to run arbitrary commands, if the configuration file /etc/default/aide is writable by the attacker.

However, that file is trusted input, it must not be writable by any attacker, and indeed by default it is not. The MAILCMD variable in the file directly specifies a command to be run, so concerns about the configuration file also allowing to run arbitrary commands in weirder ways look irrelevant.

I am posting this to oss-security for the sake of completeness, because it was on linux-distros. Otherwise, there's nothing to see here.

That said, it's good that people are looking at AIDE and its packaging, which I think is in need of a proper security audit.

Alexander
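The trust assumption in the message above (the configuration file can be modified only by root) can be audited with a check like the following. This is an added example, not part of the original post or of Debian's AIDE packaging; the function name `check_trusted_path` is hypothetical, GNU `stat` and `readlink` are assumed, and only the file and the directory that holds it are examined.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat and readlink.
# check_trusted_path FILE [UID]
#   Succeeds only if FILE and the directory holding it are owned by UID
#   (default 0, root) and carry no group or other write bits.
#   Returns 0 = trusted, 1 = finding reported, 2 = file missing.
check_trusted_path() {
    want_uid=${2:-0}
    # Resolve symlinks so the real file is inspected, not the link.
    target=$(readlink -f -- "$1") && [ -e "$target" ] || {
        echo "missing: $1"
        return 2
    }
    rc=0
    # A writable parent directory lets someone replace the file, so check both.
    for p in "$target" "$(dirname -- "$target")"; do
        uid=$(stat -c %u -- "$p")
        mode=$(stat -c %a -- "$p")
        if [ "$uid" != "$want_uid" ]; then
            echo "FAIL $p: owner uid $uid, expected $want_uid"
            rc=1
        fi
        # 022 masks the write bits for group and other (mode is octal).
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "FAIL $p: mode $mode is group- or other-writable"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK $target"
    return "$rc"
}

# Stand-alone use: sh check.sh /etc/default/aide
if [ "$#" -gt 0 ]; then
    check_trusted_path "$@"
fi
```
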
