digitalmars.D.bugs - [Issue 15584] New: Security issue: symlink attack

https://issues.dlang.org/show_bug.cgi?id=15584

          Issue ID: 15584
           Summary: Security issue: symlink attack
           Product: D
           Version: D2
          Hardware: x86_64
                OS: Linux
            Status: NEW
          Severity: critical
          Priority: P1
         Component: dmd
          Assignee: nobody puremagic.com
          Reporter: cpicard openmailbox.org

There is a symlink attack because dmd overwrites the output file without
checking whether it is a link or not. This can allow an attacker to overwrite
any file accessible with the rights of the user that runs the compiler. For
example, .ssh/authorized_keys could be replaced in order to get remote access to
the system.

To reproduce:

    $ touch untouchable
    $ ln -s untouchable malicious
    $ echo 'import std.stdio; void main() {writeln("owned");}' > malicious.d
    $ dmd malicious.d
    $ ./untouchable
    owned

--
Jan 20
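
The behaviour in the report next to one common POSIX mitigation, as an added example (not part of the original report and not dmd's code): write the output to a fresh temporary file and `rename()` it into place, so a symlink at the output path is replaced rather than followed. The function names and the 0755 mode are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Behaviour described in the report: open() without O_NOFOLLOW resolves a
 * symlink at `path` and truncates whatever file it points to. */
int write_output_naive(const char *path, const void *buf, size_t len)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0755);
    if (fd < 0) return -1;
    ssize_t n = write(fd, buf, len);
    return (close(fd) == 0 && n == (ssize_t)len) ? 0 : -1;
}

/* Hardened: mkstemp() creates the temp file with O_CREAT|O_EXCL, so it never
 * opens an existing link, and rename() replaces a symlink at `path` itself
 * instead of writing through it. A short write is treated as failure. */
int write_output_safe(const char *path, const void *buf, size_t len)
{
    char tmp[PATH_MAX];
    if (snprintf(tmp, sizeof tmp, "%s.XXXXXX", path) >= (int)sizeof tmp) {
        errno = ENAMETOOLONG;
        return -1;
    }
    int fd = mkstemp(tmp);               /* same directory as the target */
    if (fd < 0) return -1;
    int ok = write(fd, buf, len) == (ssize_t)len && fchmod(fd, 0755) == 0;
    if (close(fd) != 0) ok = 0;
    if (ok && rename(tmp, path) == 0) return 0;
    int saved = errno;
    unlink(tmp);                         /* do not leave the temp file behind */
    errno = saved;
    return -1;
}

/* True if `path` is a regular file, checked with lstat() so a link is not followed. */
int is_regular_nofollow(const char *path)
{
    struct stat st;
    return lstat(path, &st) == 0 && S_ISREG(st.st_mode);
}
```

Opening the output with `O_NOFOLLOW` is the stricter alternative: the build then fails with `ELOOP` instead of silently replacing the link.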