Insecure tmp directory use
The following commit:
Falls back to creating files in /tmp if $XDG_CONFIG_HOME and $HOME are unset. Upowerd runs this as root, which causes files in /tmp to be created and updated in an insecure manner as root, allowing for symlink attacks.
See downstream bug report:
Comments and changes to this ticket
The code in question, that uses "/tmp/root" for the user's home if $HOME and $XDG_USER_HOME are not set, comes from http://libiphone.lighthouseapp.com/projects/27916-libiphone/tickets...
That bug had a duplicate marked for it, http://libiphone.lighthouseapp.com/projects/27916-libiphone/tickets...
The code which is in git right now, and which came from bug 265, is wrong. Simply doing a chain of mkdir() for /tmp/root/.config/blahblah allows for a symlink attack in /tmp.
I think the code in bug 273 is better. At least it directly uses /root if the environment variables for the user's home are not set. In this case, if upowerd is running as root, then it will be able to create /root/.config/blahblah properly, and regular users won't, because they can't write to /root anyway.
The bigger question is, why does libimobiledevice need to write stuff in .config? I don't know the code well enough to answer this right now.
- State changed from new to open
- Tag set to configuration, desktop, libimobiledevice
- Milestone set to 1.2.0 Release
Every device that is connected is "paired" with the host. This "pairing" needs to be saved somewhere alongside the one-time generated host ID. Thus .config looked like the "current way of doing things".
I think I tend to use user directories only, thus /root and not fall back as you advise.
This already ended up as a CVE anyways...
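The problem discussed in this ticket, a plain mkdir() chain that can be redirected through a symlink planted in /tmp, is avoided by taking the base directory from the user's real home and walking the path with directory file descriptors. This is an added example, not libimobiledevice code: `user_home` and `mkdir_chain_nofollow` are hypothetical names, and the owner and mode check is an assumption about what the caller requires.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <pwd.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical: $HOME, else the passwd home (/root for root); never /tmp. */
const char *user_home(void)
{
    const char *home = getenv("HOME");
    if (home && home[0] == '/') return home;
    struct passwd *pw = getpwuid(geteuid());
    return pw ? pw->pw_dir : NULL;
}

/* Hypothetical: create rel (".config/app") under base, never following a symlink; returns a dir fd or -1. */
int mkdir_chain_nofollow(const char *base, const char *rel, mode_t mode)
{
    const int flags = O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC;
    char buf[256], *save = NULL;
    struct stat st;
    size_t len = strlen(rel);
    if (len >= sizeof(buf)) { errno = ENAMETOOLONG; return -1; }
    memcpy(buf, rel, len + 1);
    int dirfd = open(base, flags), err;
    if (dirfd < 0) return -1;
    for (char *name = strtok_r(buf, "/", &save); name; name = strtok_r(NULL, "/", &save)) {
        if (!strcmp(name, ".") || !strcmp(name, "..")) { errno = EINVAL; goto fail; }
        /* EEXIST is tolerated: whatever exists is vetted by openat + fstat. */
        if (mkdirat(dirfd, name, mode) != 0 && errno != EEXIST) goto fail;
        /* O_NOFOLLOW makes this fail if the name is a planted symlink. */
        int next = openat(dirfd, name, flags);
        if (next < 0) goto fail;
        close(dirfd);
        dirfd = next;
        /* A directory owned by, or writable by, another user is not ours. */
        if (fstat(dirfd, &st) != 0) goto fail;
        if (st.st_uid != geteuid() || (st.st_mode & (S_IWGRP | S_IWOTH))) { errno = EPERM; goto fail; }
    }
    return dirfd;
fail:
    err = errno;   /* close() may overwrite errno */
    close(dirfd);
    errno = err;
    return -1;
}
```

Files are then created relative to the returned descriptor with `openat(fd, name, O_CREAT | O_EXCL | O_NOFOLLOW, 0600)`, so no later step resolves the path by name again.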
A project around supporting the iPhone in Linux.