• Bug#1098226: perl: thread creation while a directory handle is open doe

    From Niko Tyni@21:1/5 to Vincent Lefevre on Sat May 17 10:40:01 2025
    Control: severity -1 normal

    On Tue, Feb 18, 2025 at 05:01:55PM +0100, Vincent Lefevre wrote:

    Control: forwarded -1 https://github.com/Perl/perl5/issues/23010

    This is a bug visible in the perl code, so I've just reported the bug upstream.

    Thanks.

    (Not sure about the severity, but this can yield incorrect file
    operations in the involved directory, which may be very problematic
    if this directory is untrusted.)

    There's a preliminary patch upstream at
    https://github.com/Perl/perl5/pull/23019

    but it looks like it's not going to be in 5.42. I'm certainly not going
    to backport it before it's ready.

    It doesn't look like upstream is treating this as a serious security
    issue, so I'm lowering the severity. Please discuss the security concerns upstream if you want this to change.

    --
    Niko Tyni ntyni@debian.org

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Vincent Lefevre@21:1/5 to Niko Tyni on Sun May 18 11:50:01 2025
    On 2025-05-17 11:26:54 +0300, Niko Tyni wrote:
    > It doesn't look like upstream is treating this as a serious security
    > issue, so I'm lowering the severity. Please discuss the security
    > concerns upstream if you want this to change.

    I think that upstream is just currently trying to fix the bug, not
    discussing security.

    Note that in the case where the directory opened by opendir is
    writable by some attacker (e.g. it could be /tmp), the attacker
    can provide incorrect data to the script. This could potentially
    be data that could be executed by the script.

    --
    Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
    100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
    Work: CR INRIA - computer arithmetic / Pascaline project (LIP, ENS-Lyon)

  • From Vincent Lefevre@21:1/5 to Niko Tyni on Fri May 23 12:00:01 2025
    On 2025-05-17 11:26:54 +0300, Niko Tyni wrote:
    > It doesn't look like upstream is treating this as a serious security
    > issue, so I'm lowering the severity. Please discuss the security
    > concerns upstream if you want this to change.

    FYI, I've sent a message to the oss-security list:

    https://www.openwall.com/lists/oss-security/2025/05/22/2

    --
    Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
    100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
    Work: CR INRIA - computer arithmetic / Pascaline project (LIP, ENS-Lyon)
