GLSA-200404-01 : Insecure sandbox temporary lockfile vulnerabilities in Portage
Medium Nessus Plugin ID 14466
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-200404-01 (Insecure sandbox temporary lockfile vulnerabilities in Portage).
A flaw in Portage's sandbox wrapper has been found: its temporary lockfiles are subject to a hard-link attack that allows any file which can be hard-linked to be truncated to an empty file. This can be used to damage critical files on a system, causing a Denial of Service, or to create other security risks; for example, firewall configuration data could be overwritten without notice.
The vulnerable sandbox functions have been patched to test for these new conditions: the existence of a hard link, which is removed before the sandbox process continues; a world-writable lockfile, which the sandbox also removes; and any mismatch in the UID (anything but root) or the GID (anything but the group of the sandbox process).
If the suspicious files cannot be removed by the sandbox, the sandbox exits with a fatal error warning the administrator of the issue. The patched functions also fix the other sandbox I/O operations that do not explicitly involve the mentioned lockfile.
Any user with write access to the /tmp directory can hard-link a file to /tmp/sandboxpids.tmp. This file would eventually be replaced with an empty one, effectively wiping out the file it was linked to as well, with no prior warning. This could be used to disable a vital component of the system and open a path for other possible exploits.
This vulnerability only affects systems that have /tmp on the root partition: since symbolic link attacks are filtered, /tmp has to be on the same partition for an attack to take place.
A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.
Solution
Users should upgrade to Portage 2.0.50-r3 or later:
# emerge sync
# emerge -pv '>=sys-apps/portage-2.0.50-r3'
# emerge '>=sys-apps/portage-2.0.50-r3'