Vigil@nce: Glib, permission change
September 2009 by Vigil@nce
When a user copies a symbolic link with an application linked to
Glib, permissions of the target are changed to 0777.
– Severity: 1/4
– Consequences: data reading, data creation/edition
– Provenance: user shell
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 09/09/2009
IMPACTED PRODUCTS
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The Glib library is used by several GNOME applications, such as
the Nautilus file explorer.
A symbolic link has the virtual permission 0777 (read and write
for everybody), and can point to a file with strict permissions
(for example 0600).
However, when the g_file_copy()/file_copy_fallback() function of
gio/gfile.c copies a link to a file/directory, permissions of the
target are changed to 0777 (if the user owns the file/directory).
A file which was previously secured thus becomes readable and
writable.
A local attacker can thus read or write a file/directory, for
which the user copied a link via Nautilus.
CHARACTERISTICS
– Identifiers: 593406, VIGILANCE-VUL-9013
– Url: http://vigilance.fr/vulnerability/Glib-permission-change-9013