1523630 – p11-kit-trust shouldn't write to /usr

Bug 1523630 - p11-kit-trust shouldn't write to /usr

Summary: p11-kit-trust shouldn't write to /usr

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	p11-kit
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Daiki Ueno
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-12-08 12:41 UTC by Kai Engert (:kaie) (inactive account)
Modified:	2018-03-01 10:21 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-03-01 10:21:31 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Kai Engert (:kaie) (inactive account) 2017-12-08 12:41:53 UTC

Today it's possible to use write access through p11-kit-trust.so to write to the "Default Trust" token, which results in data being written into the /usr directory. (Requires root permission.)

I think it should never write to /usr, because:
- /usr may be read only on many systems
- /usr isn't supposed to get local system configuration,
  as the name implies it should limit to the default configuration
  (installed as part of RPM packages)

Comment 1 Fedora End Of Life 2018-02-20 15:26:56 UTC

This bug appears to have been reported against 'rawhide' during the Fedora 28 development cycle.
Changing version to '28'.

Comment 2 Daiki Ueno 2018-03-01 10:21:31 UTC

This should be fixed in p11-kit-0.23.10-1.

Note You need to log in before you can comment on or make changes to this bug.