Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Gentoo: GLSA-200404-01 Normal: Portage Insecure Sandbox Denial of Service

gentoo
Calendar Grey April 6, 2004
Dist Gentoo Esm H88
Keep updated on the Service Disruption situation regarding Portage's sandbox. Enhance your protection now.
A flaw has been found in the temporary file handling algorithms for the sandboxing code used within Portage

Summary

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gentoo Linux Security Advisory                           GLSA 200404-01
~                                            https://security.gentoo.org/

~  Severity: Normal
~     Title: Insecure sandbox temporary lockfile vulnerabilities in
~            Portage
~      Date: April 04, 2004
~      Bugs: #21923
~        ID: 200404-01


Synopsis
=======
A flaw has been found in the temporary file handling algorithms for the
sandboxing code used within Portage. Lockfiles created during normal
Portage operation of portage could be manipulated by local usersresulting in the truncation of hard linked files; causing a Denial of
Service attack on the system.

Background
=========
Portage is Gentoo's package management system which is responsible for
installing, compiling and updating any ebuilds on the system through the
Gentoo rsync tree. Under default configurations, most ebuilds run under
a sandbox which prevent the build process writing to the "real" sy...
Read the Full Advisory
Topics%20covered

Topics Covered

security advisory denial of service gentoo portage insecure sandbox

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory denial of service gentoo portage insecure sandbox

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here