Red Hat Bugzilla – Bug 155749
CVE-2005-1111 Race condition in cpio
Last modified: 2007-11-30 17:07:17 EST
Race condition in cpio 2.6 and earlier allows local users to modify permissions
of arbitrary files via a hard link attack on a file while it is being
decompressed, whose permissions are changed by cpio after the decompression is
This issue should also affect RHEL2.1 and RHEL3.
Created attachment 113839 [details]
Proposed patch from Steve Grubb
Created attachment 116230 [details]
I suggest to use this patch.
Steve's patch doesn't solve race condition on directories. My fix use mode 0700
for dir creation, which close some more holes.
We have not released an update for this issue on RHEL2.1 yet. RHEL3 and RHEL4
were fixed in RHSA-2005:378
The RHEL 2.1 bug in being tracked in bug #169760