Category
Security
Release Phase
Resolved
Product
Solaris 8 Operating System
Bug Id
4793452
Date of Resolved Release
01-OCT-2004
Impact
If a local unprivileged user executes the gzip(1) command and specifies the "-force" or "-f" command line option, files which are hard linked to the target file(s) will have their permissions changed. This could allow other local unprivileged users to read or modify files owned by the invoking user, or system files if gzip(1) is run by a local privileged user.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Solaris 8 without patch 112668-02
x86 Platform
- Solaris 8 without patch 112669-02
Notes:
- Solaris 7 and Solaris 9 are not affected by this issue.
- The described issue only occurs with versions of gzip(1) prior to 1.3.
The version of gzip(1) on a system can be determined by running the following command:
$ gzip --version
gzip 1.2.4 (18 Aug 93)
Compilation options:
DIRENT UTIME STDC_HEADERS HAVE_UNISTD_H
Symptoms
If the described issue occurs, files that are hard linked to the target file(s) will have their permissions changed to mode 0777 (-rwxrwxrwx).
$ ln original-file hardlink
$ ls -l original-file hardlink
-rw-r--r-- 2 user staff 293 Jun 24 18:33 hardlink
-rw-r--r-- 2 user staff 293 Jun 24 18:33 original-file
$ gzip -f original-file
$ ls -l original-file* hardlink
-rwxrwxrwx 1 user staff 293 Jun 24 18:33 hardlink
-rw-r--r-- 1 user staff 195 Jun 24 18:33 original-file.gz
Workaround
To work around the described issue, avoid using the "-f" or "-force" option with the gzip(1) command.
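The workaround can be enforced in scripts with a pre-flight check. The following shell functions are an added example, not part of the original advisory; the function names are hypothetical, and the 1.3 version threshold and mode 0777 are taken from the text above.

```shell
#!/bin/sh
# Added example (not from the advisory): pre-flight checks before "gzip -f".
# All function names here are hypothetical.

# Print the version field from the first line of "gzip --version".
installed_gzip_version() {
    gzip --version 2>&1 | awk 'NR == 1 { print $2 }'
}

# Return 0 if version string $1 is older than 1.3, 1 if not, 2 if unparsable.
version_is_affected() {
    case "$1" in *.*) ;; *) return 2 ;; esac
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
    case "$major.$minor" in .*|*.|*[!0-9.]*) return 2 ;; esac
    [ "$major" -lt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -lt 3 ]; }
}

# Print each named regular file that has more than one hard link.
multi_linked() {
    for f in "$@"; do
        case "$f" in -*) f=./$f ;; esac
        find "$f" -prune -type f -links +1 -print
    done
}

# Print regular files under directory $1 whose mode is exactly 0777, the
# state the advisory's listing shows for the leftover link. A match is a
# candidate for review, not proof that this issue caused it.
mode_0777_files() {
    find "$1" -type f -perm 777 -print
}

# Return 0 only if "gzip -f" on the named files cannot hit the issue:
# $1 is the gzip version, the remaining arguments are the targets.
force_is_safe() {
    rc=0
    version_is_affected "$1" || rc=$?
    [ "$rc" -eq 1 ] && return 0    # 1.3 or later: not affected
    shift
    [ -z "$(multi_linked "$@")" ]  # affected or unknown: refuse linked targets
}

# Stand-alone use: sh this-script FILE...
if [ "$#" -gt 0 ]; then
    force_is_safe "$(installed_gzip_version)" "$@" || {
        echo "refusing: a target has other hard links" >&2; exit 1; }
fi
```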
Resolution
This issue is addressed in the following releases:
SPARC Platform
- Solaris 8 with patch 112668-02 or later
x86 Platform
- Solaris 8 with patch 112669-02 or later
References
112669-02
112668-02