[Bug 202664] mergemaster as unprivileged user dumps master.passwd into /var/tmp/temproot
bugzilla-noreply at freebsd.org
Wed Aug 26 01:44:12 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202664
Bug ID: 202664
Summary: mergemaster as unprivileged user dumps master.passwd into /var/tmp/temproot
Product: Base System
Version: 10.2-STABLE
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: bin
Assignee: freebsd-bugs at FreeBSD.org
Reporter: jnbek1972 at gmail.com
I accidentally ran mergemaster -pv as a normal user instead of root and this is
the output:
([J:0]jnbek at rtr10[~]% mergemaster -pv
[08/25/15][19:39:56])
*** You have /usr/bin/less defined as your pager so we will use that
*** The directory specified for the temporary root environment,
/var/tmp/temproot, exists. This can be a security risk if untrusted
users have access to the system.
Use 'd' to delete the old /var/tmp/temproot and continue
Use 't' to select a new temporary root directory
Use 'e' to exit mergemaster
Default is to use /var/tmp/temproot as is
How should I deal with this? [Use the existing /var/tmp/temproot] d
*** Deleting the old /var/tmp/temproot
*** Creating the temporary root environment in /var/tmp/temproot
*** /var/tmp/temproot ready for use
*** Creating and populating directory structure in /var/tmp/temproot
*** Press the [Enter] or [Return] key to continue
install: /var/tmp/temproot/etc/group: chown/chgrp: Operation not permitted
*** FATAL ERROR: Cannot copy files to the temproot environment
([J:0]jnbek at rtr10[~]% ls -R /var/tmp/temproot
[08/25/15][19:41:40])
etc/
/var/tmp/temproot/etc:
master.passwd
This seems to be a bad thing. It's a stock master.passwd file but I would think
that mergemaster should fail before ever messing with this file in the first
place unless the user is root. If an unprivileged user gets compromised on a
system, this could be used for evil, although I'm not sure exactly how.
--
You are receiving this mail because:
You are the assignee for the bug.
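
A check for the condition the report describes, as an added example that is not part of the original report or of mergemaster: it lists copies of master.passwd or spwd.db under a temproot tree that are not owned by root with mode 0600, which is how FreeBSD protects those files in /etc. The function name `audit_temproot` and its two arguments are hypothetical; the default path is the one shown in the report.

```shell
#!/bin/sh
# Added example, not mergemaster code. audit_temproot is a hypothetical name.
#
# Usage: audit_temproot [dir] [expected-owner-uid]
# Prints each password-database file under dir that is not owned by the
# expected uid or that has any group/other permission bit set.
# Returns 0 if the tree is clean, 1 if something was reported, 2 on bad input.
audit_temproot() {
    dir=${1:-/var/tmp/temproot}
    owner=${2:-0}    # numeric uid; 0 is root, overridable so the check can be tested

    [ -d "$dir" ] || {
        echo "audit_temproot: $dir: not a directory" >&2
        return 2
    }

    # "-perm -NNN" is the POSIX form: true when every bit in NNN is set.
    # Each group/other bit is tested on its own so the check is portable
    # between BSD and GNU find.
    found=$(find "$dir" -type f \( -name master.passwd -o -name spwd.db \) \
        \( ! -user "$owner" \
           -o -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print)

    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}
```
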