Mailinglist Archive: opensuse-bugs (4751 mails)

< Previous Next >
[Bug 1047247] New: chkstat tool can be tricked into trying to interpret the shell environment as a permissions file
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Tue, 04 Jul 2017 15:43:53 +0000
  • Message-id: <bug-1047247-21960@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1047247


Bug ID: 1047247
Summary: chkstat tool can be tricked into trying to interpret
the shell environment as a permissions file
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Basesystem
Assignee: bnc-team-screening@xxxxxxxxxxxxxxxxxxxxxx
Reporter: Mathias.Homann@xxxxxxxxxxxx
QA Contact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---

Created attachment 731178
--> http://bugzilla.opensuse.org/attachment.cgi?id=731178&action=edit
"constructed" permissions file

A badly constructed permissions file in /etc/permissions.d can be used to make
chkstat --system treat the shell environment as permissions files.

Attached file triggers such behaviour. opening it in a hex editor shows a
whitespace after the last linefeed. Removing that whitespace stops the
misbehavior.

--
You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >
This Thread
  • No further messages