Date: Wed, 26 Aug 2015 04:10:53 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 202664] mergemaster as unprivileged user dumps master.passwd into /var/tmp/temproot Message-ID: <bug-202664-8-ZNuPpPWbUB@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-202664-8@https.bugs.freebsd.org/bugzilla/> References: <bug-202664-8@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202664 Chris Petrik <chris@bsdjunk.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |chris@bsdjunk.com --- Comment #1 from Chris Petrik <chris@bsdjunk.com> --- I think it uses /usr/src/etc/* as base and then it diffs all that to the system etc, not the actual one installed in /etc/ so I don't think there's any threat. if you have a look at /usr/src/etc/ you will see a generic master.passwd which should be the same one youre looking at. a normal user has no access to /etc/master.passwd -rw------- 1 root wheel 2612 Aug 24 03:06 /etc/master.passwd -rw-r--r-- 1 root wheel 1640 Aug 18 12:26 /usr/src/etc/master.passwd -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-202664-8-ZNuPpPWbUB>