possible privilege escalation via predictable tmpfile
Bug #912762 reported by Julian Taylor
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| wakeup (Ubuntu) | Fix Released | Medium | Unassigned | |
| Oneiric | Won't Fix | Undecided | Unassigned | |
Bug Description
wakeup uses temporary files insecurely in multiple places in the code.
e.g. this code in data/scripts/
eval "$dosudo crontab -l >$tmpfile"
echo "$snoozetime /usr/bin/wakeup $1 $2 >/dev/null 2>&1"\
eval "$dosudo crontab $tmpfile; rm $tmpfile"
There are also many uses of os.system which could be a problem, but I did not check if any of them are exploitable.
Affects 1.0-0ubuntu1 and 1.1-0ubuntu1.
description: updated
description: updated
Changed in wakeup (Ubuntu): status: Confirmed → Fix Committed
Changed in wakeup (Ubuntu): status: Fix Committed → In Progress
Changed in wakeup (Ubuntu Oneiric): status: Fix Committed → Won't Fix
Looks like this got fixed in the following commit:
http://bazaar.launchpad.net/~dsglass/wakeup/release-1.0/revision/10
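
A hardened form of the crontab update quoted in the bug description, added here as an example; it is not wakeup's code and not the code from the commit referenced above. It assumes `$tmpfile` was a fixed or guessable path; `CRONTAB` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not wakeup's code. CRONTAB is a hypothetical override so the
# functions can be pointed at "sudo crontab" or at a test stub.
: "${CRONTAB:=crontab}"

# Variant 1: keep the temp file, but let mktemp(1) create it.
# usage: add_wakeup_entry SNOOZETIME ARG1 ARG2
add_wakeup_entry() {
    snoozetime=$1 arg1=$2 arg2=$3
    # mktemp creates the file exclusively, mode 0600, under a random name,
    # so an existing file or symlink at that path is never reused.
    tmpfile=$(mktemp "${TMPDIR:-/tmp}/wakeup.XXXXXXXXXX") || return 1
    # "crontab -l" exits non-zero when the user has no crontab yet.
    $CRONTAB -l >"$tmpfile" 2>/dev/null || :
    # printf with quoted arguments replaces echo + eval, so this script's
    # shell never re-parses the values. They still become part of a command
    # line that cron runs, so callers should validate them.
    printf '%s /usr/bin/wakeup %s %s >/dev/null 2>&1\n' \
        "$snoozetime" "$arg1" "$arg2" >>"$tmpfile"
    rc=0
    $CRONTAB "$tmpfile" || rc=$?
    rm -f -- "$tmpfile"
    return "$rc"
}

# Variant 2: no temp file at all; "crontab -" reads the new table from stdin.
# usage: add_wakeup_entry_pipe SNOOZETIME ARG1 ARG2
add_wakeup_entry_pipe() {
    {
        $CRONTAB -l 2>/dev/null || :
        printf '%s /usr/bin/wakeup %s %s >/dev/null 2>&1\n' "$1" "$2" "$3"
    } | $CRONTAB -
}
```

Both variants treat a failing `crontab -l` as an empty table, which is correct for a user with no crontab but would drop existing entries on any other error.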