mldonkey-bugs

[Mldonkey-bugs] [Bug #492] Potential security problem - mldonkey creatin


From: nobody
Subject: [Mldonkey-bugs] [Bug #492] Potential security problem - mldonkey creating subdirectories.
Date: Mon, 16 Sep 2002 15:28:35 -0400

=================== BUG #492: LATEST MODIFICATIONS ==================
http://freesoftware.fsf.org/bugs/?func=detailbug&bug_id=492&group_id=1409

Changes by: mldonkey admin <address@hidden>
Date: 2002-Sep-16 19:28 (GMT)

            What     | Removed                   | Added
---------------------------------------------------------------------------
            Category | None                      | Core
          Resolution | None                      | Fixed
         Assigned to | None                      | mldonkey
              Status | Open                      | Closed




=================== BUG #492: FULL BUG SNAPSHOT ===================


Submitted by: None                      Project: mldonkey, a free e-Donkey client
Submitted on: 2002-May-29 00:02
Category:  Core                         Severity:  5 - Major                    
Bug Group:  None                        Resolution:  Fixed                      
Assigned to:  mldonkey                  Status:  Closed                         

Summary:  Potential security problem - mldonkey creating subdirectories.

Original Submission:  Hi!

I'm not sure if I just found a potential security threat in mlDonkey 1.16. I 
have written another description of the problem to one of the developers 
(including hashes for the file), because I didn't want to post hashes and/or 
filenames.

I just finished some downloads and committed the files using the "commit" 
command. This was the filename as it was shown in the web-interface:

Downloaded 2 files [ Num ] File Size MD4
[3    ] some-scvd.bin 800000000 SOME_LENGTHY_MD4_CHECKSUM
..

After committing, I looked into the incoming directory, and noticed that 
mldonkey created a subdirectory, containing a single file:


fli4l:/mnt/hda4/incoming/ed2k # tree
.
|-- Some_subdirectory_created_by_mldonkey_after_committing
    `-- somebinfile.bin
1 directory, 1 files


So mldonkey seems to have created a subdirectory named 
"Some_subdirectory_created_by_mldonkey_after_committing", containing a single 
file "somebinfile.bin".

Is this the wanted behaviour? I'm afraid that this could be a potential 
security threat, if the file would have been written to something like 
"/root/i0wnzY0" or something like that..

I'm going to post this mail to the bug tracking forum, too (but without real 
filenames and hashes).


Follow-up Comments
*******************

-------------------------------------------------------
Date: 2002-Aug-04 11:34             By: None

Using a filename like the next:

Expediente-X 2x18 Temible Simetria [DVDRiP][Spanish Divx] cifirip].avi

It will make a directory with the part of the name, and will include the rest 
of the file (in Linux at least). 

Regards,
Carlos.

-------------------------------------------------------
Date: 2002-May-29 11:58             By: None
>I don't think this is a security hole, btw if you run mldonkey as root it's 
>your own fault ;) 

Yes, I know. But I'm using it on a fli4l router system, and don't have much of 
a choice. I think I'll bring it up at the fli4l newsgroup or so.

>If you think it could write somewhere in the users home dir run it in a chroot 
>environment.

Yes, chroot is of course the best security measure. But I don't think that 
there is a reason why mldonkey should be able to create directories in the 
first place.. should be quite easy to fix, too.

-------------------------------------------------------
Date: 2002-May-29 04:07             By: None
I don't think this is a security hole, btw if you run mldonkey as root it's 
your own fault ;)
If you think it could write somewhere in the users home dir run it in a chroot 
environment.


CC list is empty


No files currently attached


For detailed info, follow this link:
http://freesoftware.fsf.org/bugs/?func=detailbug&bug_id=492&group_id=1409
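
Added example, not part of the original bug report and not mldonkey's code (the report does not show how the bug was fixed): one way a client can stop a peer-supplied file name from creating subdirectories or leaving the incoming directory when a download is committed. The function names and the "unnamed" fallback are assumptions made for illustration.

```python
import os
import tempfile


def safe_commit_name(untrusted_name: str, fallback: str = "unnamed") -> str:
    """Reduce a peer-supplied file name to a single path component."""
    # Treat both separators as path separators, whatever the host OS is.
    name = untrusted_name.replace("\\", "/")
    # Keep only the last component: "subdir/file.bin" -> "file.bin".
    name = name.rsplit("/", 1)[-1]
    # Drop NUL bytes and other control characters, then surrounding spaces.
    name = "".join(ch for ch in name if ch.isprintable()).strip()
    # Names that are empty or refer to a directory are replaced outright.
    if name in ("", ".", ".."):
        return fallback
    return name


def commit_path(incoming_dir: str, untrusted_name: str) -> str:
    """Return the path to commit to, or raise if it is not directly
    inside incoming_dir once symlinks are resolved."""
    root = os.path.realpath(incoming_dir)
    candidate = os.path.realpath(
        os.path.join(root, safe_commit_name(untrusted_name)))
    # Defence in depth: the parent must be exactly the incoming directory.
    if os.path.dirname(candidate) != root:
        raise ValueError("refusing to commit outside the incoming directory")
    return candidate


def commit(incoming_dir: str, untrusted_name: str, data: bytes) -> str:
    """Write data under the sanitised name and return the final path."""
    path = commit_path(incoming_dir, untrusted_name)
    # O_EXCL refuses to overwrite an existing file; O_NOFOLLOW (where the
    # platform has it) refuses to write through a symlink.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    with os.fdopen(os.open(path, flags, 0o644), "wb") as handle:
        handle.write(data)
    return path


if __name__ == "__main__":
    # Constructed sample names, modelled on the placeholders in the report.
    with tempfile.TemporaryDirectory() as incoming:
        for sample in ("Some_subdirectory/somebinfile.bin", "/root/i0wnzY0"):
            print(sample, "->", commit(incoming, sample, b"data"))
        print(sorted(os.listdir(incoming)))
```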