Note: This is an archival copy of Security Sun Alert 201615 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001212.1.
Solaris 8 Operating System
Date of Resolved Release
If a local unprivileged user executes the gzip(1) command and specifies the "-force" or "-f" command line option, files which are hard linked to the target file(s) will have their permissions changed. This could allow other local unprivileged users the ability to read or modify files owned by the invoking user, or system files if gzip(1) is issued by a local privileged user.
This issue can occur in the following releases:
The version of gzip(1) on a system can be determined by running the following command:
$ gzip --version
gzip 1.2.4 (18 Aug 93)
Compilation options:
DIRENT UTIME STDC_HEADERS HAVE_UNISTD_H
If the described issue occurs, files that are hard linked to the target file(s) will have their permissions changed to mode 0777 (-rwxrwxrwx).
$ ln original-file hardlink
$ ls -l original-file hardlink
-rw-r--r--   2 user     staff        293 Jun 24 18:33 hardlink
-rw-r--r--   2 user     staff        293 Jun 24 18:33 original-file
$ gzip -f original-file
$ ls -l original-file* hardlink
-rwxrwxrwx   1 user     staff        293 Jun 24 18:33 hardlink
-rw-r--r--   1 user     staff        195 Jun 24 18:33 original-file.gz
To work around the described issue, avoid using the "-f" or "-force" option with the gzip(1) command.
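The following shell functions are an added example, not part of the Sun Alert: a pre-check that refuses "gzip -f" on a file with more than one hard link (so the other link cannot be left at mode 0777), and a scan for files already left in that state. Function names are assumptions; only ls, awk and find are used so the script also runs on Solaris 8, which has no stat(1).

```shell
#!/bin/sh
# Added example (not from the Sun Alert). Defensive helpers for the
# gzip -f hard-link permission issue described above.

# Print the hard-link count of a file (field 2 of "ls -ld").
link_count() {
    ls -ld "$1" | awk '{ print $2 }'
}

# Succeed (exit 0) only when the file has a single link, i.e. no other
# name shares its inode and "gzip -f" cannot change another file's mode.
safe_to_gzip() {
    [ "$(link_count "$1")" -eq 1 ]
}

# Wrapper around "gzip -f": pass through for single-link files, refuse
# otherwise so the remaining hard link keeps its original permissions.
gzip_nolink() {
    f=$1
    if safe_to_gzip "$f"; then
        gzip -f "$f"
    else
        echo "gzip_nolink: $f has $(link_count "$f") links; refusing -f" >&2
        return 1
    fi
}

# Scan a directory tree for regular files that have more than one link and
# are world-writable, the state a hard link is left in once the issue occurs.
find_damaged_links() {
    find "$1" -type f -links +1 -perm -0002 2>/dev/null
}
```

Running find_damaged_links over user home directories is a cheap way to spot files whose mode was already changed by an earlier gzip -f.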
This issue is addressed in the following releases: