uutils coreutils nohup Utility World-Readable Output File Vulnerability

Vulnerability

The uutils coreutils nohup utility creates its default output file, nohup.out, without explicitly setting restrictive permissions. The file's mode is therefore determined by the process umask, which typically leaves it world-readable. In multi-user environments, this could allow any user to read the stdout or stderr output of a command, potentially revealing sensitive information. GNU coreutils, by contrast, sets nohup.out permissions to owner-only.

Impact

The vulnerability leads to the creation of world-readable output files, allowing other users on the system to access potentially sensitive data logged by commands.

Reproduction

To reproduce this vulnerability, set the umask to 022, which results in world-readable files. Then, run the nohup command to execute a shell command that outputs sensitive data. After a short delay, check the permissions of the nohup.out file. The permissions should reflect the world-readable setting (0644), indicating that the file can be accessed by other users.
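
The reproduction above as a repeatable check, extended with an audit for nohup.out files that already exist. This is an added shell example, not code from the advisory or the uutils project; the function names and the `constructed-secret` marker are assumptions made here.

```shell
#!/bin/sh
# Added example; function names and the marker string are constructed.

# file_mode FILE: print octal permission bits (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# is_owner_only MODE: succeed when group and other have no permission bits.
is_owner_only() {
    case "$1" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# exposed_nohup_out DIR: list nohup.out files under DIR readable by group or others.
exposed_nohup_out() {
    find "$1" -type f -name nohup.out \( -perm -040 -o -perm -004 \) -print
}

# simulate_default_create DIR: create DIR/nohup.out with no explicit mode under
# umask 022 (the condition the advisory describes) and print the resulting mode.
simulate_default_create() {
    (
        umask 022
        : > "$1/nohup.out"
        file_mode "$1/nohup.out"
    )
}

# check_nohup [ABSOLUTE_PATH_TO_NOHUP]: the advisory's reproduction in a scratch
# directory. nohup writes nohup.out only when stdout is a terminal.
check_nohup() {
    [ -t 1 ] || { echo "stdout is not a terminal; no nohup.out would be created" >&2; return 2; }
    dir=$(mktemp -d) || return 2
    (
        cd "$dir" && umask 022 || exit 2
        "${1:-nohup}" sh -c 'echo constructed-secret' 2>/dev/null
        mode=$(file_mode nohup.out) || exit 2
        echo "nohup.out mode: $mode"
        is_owner_only "$mode"
    )
    rc=$?
    rm -rf "$dir"
    return "$rc"
}
```

Source the file and call `check_nohup` from an interactive terminal; it returns 1 when the tested nohup leaves group or other bits set on nohup.out.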

Remediation

A pull request has been made to address this vulnerability by changing the output file permissions to the correct owner-only setting. Users can apply this update by following the instructions in the pull request.

Added: Apr 22, 2026, 5:56 PM
Updated: Apr 22, 2026, 5:56 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 4.0
remediation: 0.0
relevance: 6.5
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.