+++ This bug was initially created as a clone of Bug #155745 +++
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file,
allows local users to modify permissions of arbitrary files via a hard link
attack on a file while it is being decompressed, whose permissions are changed
by gzip after the decompression is complete.
Created attachment 113665
I fixed this problem in devel (gzip-1.3.5-4). (I changed permissions and
ownership before output file is closed.)
"CLOSED RAWHIDE" is absolutely of no help to all FC3 installations out there
with now widely known open security issues. There were recent updates for RHEL.
Do you propose that everybody should recompile rawhide gzip rpms on their own?
Not that hard to do, but ....
fc3 package is built now (gzip-1.3.3-14.fc3).
Sigh! gzip-1.3.5-14.fc3 indeed closes CAN-2005-0988 and CAN-2005-1228
but CAN-2005-0758 (bug 121514) is still there. That bug was fixed in
RHEL gzip updates and exactly the same fix showed up in bzgrep from
bzip2-1.0.2-13.FC3.1 released yesterday. FC4 gzip packages also do not
sport that bug.
fc3 package with CAN-2005-0758 (bug 121514) - patch is built now