Bug 458504 - [SECURITY] Wipes system at startup
Summary: [SECURITY] Wipes system at startup
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: initscripts
Version: 9
Hardware: All
OS: Linux
Priority: urgent
Severity: urgent
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: CVE-2008-3524
Reported: 2008-08-08 23:22 UTC by Enrico Scholz
Modified: 2014-03-17 03:15 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-09-25 00:14:53 UTC
Type: ---



Description Enrico Scholz 2008-08-08 23:22:10 UTC
Description of problem:

/etc/rc.sysinit makes

| find -L /var/lock /var/run ! -type d -exec rm -f {} \;

at every start.  It is common practice to have daemon-writable subdirs below /var/run or /var/lock (e.g. /var/run/openldap).  When such a daemon is compromised, an attacker could create a

| /var/run/openldap/foo -> /

symlink which wipes the whole system at next startup.


Version-Release number of selected component (if applicable):

initscripts-8.76.2-1.x86_64


How reproducible:

100%

Steps to Reproduce:
1. mkdir /var/run/foo
2. chown nobody:nobody /var/run/foo
3. runuser nobody -s /bin/sh 'ln -s / /var/run/foo/bar'
4. reboot
  
Actual results:

a lot of 'command not found' errors on startup


Additional info:

Kudos to Herbert Poetzl for discovering this vulnerability.
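
The selection behaviour described in this report can be observed without touching the real system. The following is an added example, not part of the original report or of initscripts: it builds a constructed sandbox under a temporary directory, prints what the `find` expression selects with and without `-L`, and lists symlinks that resolve outside the tree. The function names and sandbox layout are assumptions made for illustration, and `readlink -f` assumes GNU coreutils.

```sh
#!/bin/sh
# Constructed sandbox: everything lives under a fresh temporary directory.
# No real /var/run or /var/lock path is touched; find only prints its selection.

make_sandbox() {
    sb=$(mktemp -d) || return 1
    mkdir -p "$sb/var/run/daemon" "$sb/outside/sub"
    : > "$sb/var/run/daemon/daemon.pid"   # ordinary stale file the cleanup is meant for
    : > "$sb/outside/important.conf"      # stands in for data outside /var/run
    : > "$sb/outside/sub/data.db"
    # Symlink inside the daemon-writable directory, pointing out of the tree.
    ln -s "$sb/outside" "$sb/var/run/daemon/link"
    printf '%s\n' "$sb"
}

# Selection made by the expression quoted in the report (-L follows symlinks).
select_following() {
    find -L "$1/var/run" ! -type d -print | sort
}

# Same expression without -L: the link itself is selected, never its target.
select_physical() {
    find -P "$1/var/run" ! -type d -print | sort
}

# Audit: print symlinks under $1 whose resolved target lies outside $1.
escaping_links() {
    root=$(cd "$1" && pwd -P) || return 1
    find -P "$root" -type l -print | while IFS= read -r link; do
        target=$(readlink -f -- "$link") || continue
        case "$target/" in
            "$root"/*) ;;                                  # stays inside the tree
            *) printf '%s -> %s\n' "$link" "$target" ;;
        esac
    done
}

demo=$(make_sandbox) || exit 1
echo "selected with -L:";    select_following "$demo"
echo "selected without -L:"; select_physical "$demo"
echo "links leaving the tree:"; escaping_links "$demo/var/run"
rm -rf -- "$demo"
```

Running `escaping_links /var/run` on a live host lists existing links of this kind without modifying anything.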

Comment 1 Fedora Update System 2008-08-29 17:14:57 UTC
initscripts-8.76.3-1 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/initscripts-8.76.3-1

Comment 2 Fedora Update System 2008-09-10 06:45:35 UTC
initscripts-8.76.3-1 has been pushed to the Fedora 9 testing repository.  If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update initscripts'
You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-7667

Comment 3 Fedora Update System 2008-09-25 00:14:44 UTC
initscripts-8.76.3-1 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

