#45 backup file honors suid bits

v2.9.7
closed
security (3)
5
2002-08-05
2002-07-02
Anonymous
No

Hi,

this is not so serious bug, it's more user
tricks/social engineering, but I believe joe could
prevent it if it behaved differently.

Bug description:

Take a look at example scenario:
1. unprivileged user 'john' creates 'script' containing
some code

2. John sets suid flag, so the file looks like this:
-rwsrwsr-x 1 john john script

3. then root comes, opens the script in joe editor,
changes something and saves the file

4. now look at ls script*:
-rwsrwsr-x 1 john john script
-rwsrwsr-x 1 root root script~

If John had some malicious commands in the script and
makes root edit the file, at some circumstances he can
now the commands as root.

Suggested solution:
Remove suid bits when creating backup files.

Ondrej Suchy, ondrej.suchy@qlinux.cz

Discussion

    • assigned_to: nobody --> vsamel
    • status: open --> closed
     
  • Logged In: YES
    user_id=208150

    Fixed (in current CVS).