GLSA-200404-01 : Insecure sandbox temporary lockfile vulnerabilities in Portage

Medium Nessus Plugin ID 14466


The remote Gentoo host is missing one or more security-related patches.


The remote host is affected by the vulnerability described in GLSA-200404-01 (Insecure sandbox temporary lockfile vulnerabilities in Portage)

A flaw in Portage's sandbox wrapper has been found where the temporary lockfiles are subject to a hard-link attack which allows linkable files to be overwritten to an empty file. This can be used to damage critical files on a system causing a Denial of Service, or alternatively this attack may be used to cause other security risks; for example firewall configuration data could be overwritten without notice.
The vulnerable sandbox functions have been patched to test for these new conditions: namely; for the existence of a hard-link which would be removed before the sandbox process would continue, for the existence of a world-writable lockfile in which case the sandbox would also remove it, and also for any mismatches in the UID ( anything but root ) and the GID ( anything but the group of the sandbox process ).
If the vulnerable files cannot be removed by the sandbox, then the sandbox would exit with a fatal error warning the administrator of the issue. The patched functions also fix any other sandbox I/O operations which do not explicitly include the mentioned lockfile.
Impact :

Any user with write access to the /tmp directory can hard-link a file to /tmp/sandboxpids.tmp - this file would eventually be replaced with an empty one; effectively wiping out the file it was linked to as well with no prior warning. This could be used to potentially disable a vital component of the system and cause a path for other possible exploits.
This vulnerability only affects systems that have /tmp on the root partition: since symbolic link attacks are filtered, /tmp has to be on the same partition for an attack to take place.
Workaround :

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.


Users should upgrade to Portage 2.0.50-r3 or later:
# emerge sync # emerge -pv '>=sys-apps/portage-2.0.50-r3' # emerge '>=sys-apps/portage-2.0.50-r3'

See Also

Plugin Details

Severity: Medium

ID: 14466

File Name: gentoo_GLSA-200404-01.nasl

Version: $Revision: 1.12 $

Type: local

Published: 2004/08/30

Modified: 2016/10/05

Dependencies: 12634

Risk Information

Risk Factor: Medium

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:portage, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 2004/04/04

Reference Information

GLSA: 200404-01