A security-related bug in RPM

Savochkin Andrey Vladimirovich (saw@MSU.RU)
Sat, 27 Dec 1997 21:04:59 +0300

[To the moderator: I already sent a letter about this bug. But I think
my previous explanation of the bug wasn't clear. So the second try :-)]

RPM (RedHat package manager) has a command-line option
to fix file permissions and ownership
according to ones specified in the package database.

Unfortunately the implementation of this option is buggy.
The bug can cause changing permissions of certain files
to 0777 (which means writable-to-everyone files).

I recommend to all people using RPM do not run "rpm --setperms"
or "rpm --setugids" until the bug be fixed.
And I recommend to everybody who doesn't sure that neither he by his hands nor
any scripts on his system never invoked RPM with such options
to verify file permissions on his filesystem.

The nature of the bug seems to allow changing file permissions
only to 0777 so "find / -perm -0777" will find all files with
changed permissions.

Andrey V.