OpenBSD VuXML: Documenting security issues in the OpenBSD Ports & Packages Collection

rsnapshot -- local privilege escalation

Affected packages
rsnapshot < 1.2.1

Details

VuXML ID c606260a-aa87-11d9-8af3-00065bd5b0b6
Discovery 2005-04-10
Entry 2005-04-11

The copy_symlink() subroutine in rsnapshot incorrectly changes file ownership on the files pointed to by symlinks, not on the symlinks themselves. This would allow, under certain circumstances, an arbitrary user to take ownership of a file on the main filesystem.

[source]

References

URL http://www.rsnapshot.org/security/2005/001.html

Copyright © 2003-2005 Jacques Vidrine, Robert Nagy, and contributors.
Please see the source of this document for full copyright information.