[Bug 202664] mergemaster as unprivileged user dumps master.passwd into /var/tmp/temproot

bugzilla-noreply at freebsd.org
Wed Aug 26 01:44:12 UTC 2015


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202664

            Bug ID: 202664
           Summary: mergemaster as unprivileged user dumps master.passwd
                    into /var/tmp/temproot
           Product: Base System
           Version: 10.2-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: jnbek1972 at gmail.com

I accidentally ran mergemaster -pv as a normal user instead of root and this is
the output:

([J:0]jnbek at rtr10[~]% mergemaster -pv    [08/25/15][19:39:56])

 *** You have /usr/bin/less defined as your pager so we will use that

*** The directory specified for the temporary root environment,
    /var/tmp/temproot, exists.  This can be a security risk if untrusted
    users have access to the system.

  Use 'd' to delete the old /var/tmp/temproot and continue
  Use 't' to select a new temporary root directory
  Use 'e' to exit mergemaster

  Default is to use /var/tmp/temproot as is

How should I deal with this? [Use the existing /var/tmp/temproot] d

   *** Deleting the old /var/tmp/temproot

*** Creating the temporary root environment in /var/tmp/temproot
 *** /var/tmp/temproot ready for use
 *** Creating and populating directory structure in /var/tmp/temproot

 *** Press the [Enter] or [Return] key to continue
install: /var/tmp/temproot/etc/group: chown/chgrp: Operation not permitted

  *** FATAL ERROR: Cannot copy files to the temproot environment

([J:0]jnbek at rtr10[~]% ls -R /var/tmp/temproot    [08/25/15][19:41:40])
etc/

/var/tmp/temproot/etc:
master.passwd

This seems to be a bad thing. It's a stock master.passwd file but I would think
that mergemaster should fail before ever messing with this file in the first
place unless the user is root. If an unprivileged user gets compromised on a
system, this could be used for evil, although I'm not sure exactly how.

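The check the report asks for, written out as an added example (not mergemaster's own code; the function names are hypothetical): refuse before any file is staged unless the effective UID is 0, and reuse an existing temproot only if it is a real directory with the expected owner that is not group- or world-writable.

```shell
#!/bin/sh
# Added example: preflight checks for a mergemaster-like script.
# Function names are hypothetical, not taken from mergemaster.

# require_root EUID
# Fail before any file is staged unless the effective UID is 0.
require_root() {
    if [ "$1" -ne 0 ]; then
        echo "refusing to run: effective UID $1 is not root" >&2
        return 1
    fi
}

# temproot_is_safe OWNER_UID DIR
# Decide whether an existing DIR may be reused as the temporary root.
temproot_is_safe() {
    owner=$1
    dir=$2
    if [ -L "$dir" ]; then
        echo "unsafe: $dir is a symbolic link" >&2
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "unsafe: $dir is not a directory" >&2
        return 1
    fi
    # find prints DIR only if it is owned by OWNER_UID and is writable by
    # neither group nor other; -prune keeps it from descending.
    if [ -z "$(find "$dir" -prune -user "$owner" ! -perm -020 ! -perm -002)" ]; then
        echo "unsafe: $dir has the wrong owner or is group/world-writable" >&2
        return 1
    fi
}

# new_temproot PARENT
# Create a fresh mode-0700 directory with an unpredictable name and print it.
new_temproot() {
    mktemp -d "$1/temproot.XXXXXX"
}

# Typical call order at the top of the script:
#   require_root "$(id -u)" || exit 1
#   temproot_is_safe 0 /var/tmp/temproot || TEMPROOT=$(new_temproot /var/tmp)
```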