There are a potential security issue in some of Scilab's scripts. Reported in
Reported by Sylvestre LEDRU
-- Bug description --
There are a potential security issue in some of Scilab's scripts.
Reported in Debian by Dmitry E. Oboukhov:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496414
This message about the error concerns a few packages at once. I've
tested all the packages (for Lenny) on my Debian mirror. All scripts
of packages (marked as executable) were tested.
In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files or user's files.
For example if a script uses in its work a temp file which is created
in /tmp directory, then every user can create symlink with the same
name in this directory in order to destroy or rewrite some system
or user file. Symlink attack may also lead not only to the data
desctruction but to denial of service as well.
Even if you create files or directories with help of function 'RANDOM'
or pid(), then your system is not protected. Attacker can create many
symlinks in order to destroy your data or create 'denial of service'
for your package scripts.
Even if you make rm(dir) for files/directories, then your system is
not protected. Attacker can permanently create symlinks.
This list is created with the help of script. This list is sorted by
hand. Howewer in some cases mistake is possible.
Many programs are touched by this security issue. For example, fwbuilder has been fixed this way:
http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=10;filename=496411.patch;att=1;bug=496406
-- Scilab error message --
-- How to reproduce the bug --