================================ GNU Core Utilities race condition file-permissions vulnerability ================================ Software: mkdir, mknod, mkfifo Version: Part of GNU Core Utilities 5.2.1 Software URL: <http://www.gnu.org/software/coreutils/> Platform: Unix, Linux. Vulnerability type: Race condition Severity: Low, requires local attacker and badly set directory permissions. Vulnerable software ==================== mkdir, mknod, mkfifo included in GNU Core Utilities 5.2.1. Vulnerability ============== If a malicious local user has write access to a directory in which a target user is using mkdir/mknod/mkfifo with the -m (mode setting option) to create a file then a race condition bug can be exploited to make the change of permission apply to any file belonging to that user. The commands creates the directory/node/fifo before applying chmod() to change their permission to that specified by the mode option. Between these two activities there is a time gap, and these activies are non-atomic. During this time gap a malicious user can remove the created file and replace it with a hard-link to another file belonging to the user. mkdir/mknod/mkfifo will then change the permissions on the hard-linked file. Fix ==== Ensure that any directory in which mkdir/mknod/mkfifo are used are only writeable by the user or alternatively set the sticky bit on the directory's permissions
