Red Hat Bugzilla – Bug 155751
CAN-2005-1111 Race condition in cpio
Last modified: 2007-04-18 13:24:14 EDT
+++ This bug was initially created as a clone of Bug #155749 +++
Race condition in cpio 2.6 and earlier allows local users to modify permissions
of arbitrary files via a hard link attack on a file while it is being
decompressed, whose permissions are changed by cpio after the decompression is
Created attachment 113628 [details]
patch fix cpio-2.6 race condition
I replaced some chown, chmod with fchmod and fchown. And close file descriptor
This bug is CLOSED RAWHIDE, and hopefuly fixed in cpio-2.6-7 from FC4 although
there is no explicit note to the effect in a changelog there, but I do not see
a security update for FC3 which would cover that bug and also CAN-2005-1229
(bug #156314) and this leaves those installations vulnerable.
Reopening as per comment #2.
also, confirming that this is fixed in FC4 and on.
Fedora Core 3 is now completely unmaintained. These bugs can't be fixed in that
version. If the issue still persists in current Fedora Core, please reopen.
Thank you, and sorry about this.