Does this apply for Puppy also?
http://www.pcworld.com/businesscenter/a ... _flaw.html
Linux Distributions Update for Web Flaw
-
Pizzasgood
- Posts: 6183
- Joined: Wed 04 May 2005, 20:28
- Location: Knoxville, TN, USA
I think so. It says versions 1.12 and older, which includes the version used in Puppy 5.0.
It looks like how this works is when you run wget, it's possible for the webserver you download from to provide a different filename for the file than what you expect. This could potentially result in wget saving the file in an unexpected and possibly dangerous location. It normally can't overwrite an existing file unless you modify wget's settings or use a commandline flag to enable that, but if you don't already have a config file for wget, it could download a config file that tells it that it's allowed to overwrite files, which would make it a bit more dangerous.
I don't know if the filename provided can change the path though. If you are running wget from /tmp/lala, I doubt the server could direct wget to save the file into /root/.ssh/, for example. If I'm right about that, then this is mainly only dangerous if you run wget from your home directory (not a subdirectory thereof) which would allow it to download to the many optional (and possibly not yet existing) config files that various programs look for.
Another limitation is that I think wget doesn't mess with file permissions, meaning nothing downloaded would have the execute bit set. That makes it harder to exploit it by having something downloaded into, say /root/Startup, since IIRC Puppy ignores non-executable files in those sorts of directories. (Hmm, not sure about /etc/profile.d/ though.)
I wouldn't be too concerned about it.
It looks like how this works is when you run wget, it's possible for the webserver you download from to provide a different filename for the file than what you expect. This could potentially result in wget saving the file in an unexpected and possibly dangerous location. It normally can't overwrite an existing file unless you modify wget's settings or use a commandline flag to enable that, but if you don't already have a config file for wget, it could download a config file that tells it that it's allowed to overwrite files, which would make it a bit more dangerous.
I don't know if the filename provided can change the path though. If you are running wget from /tmp/lala, I doubt the server could direct wget to save the file into /root/.ssh/, for example. If I'm right about that, then this is mainly only dangerous if you run wget from your home directory (not a subdirectory thereof) which would allow it to download to the many optional (and possibly not yet existing) config files that various programs look for.
Another limitation is that I think wget doesn't mess with file permissions, meaning nothing downloaded would have the execute bit set. That makes it harder to exploit it by having something downloaded into, say /root/Startup, since IIRC Puppy ignores non-executable files in those sorts of directories. (Hmm, not sure about /etc/profile.d/ though.)
I wouldn't be too concerned about it.
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
[img]http://www.browserloadofcoolness.com/sig.png[/img]
[img]http://www.browserloadofcoolness.com/sig.png[/img]