Perforce server overwrites arbitrary client files
Clients of the version control system Perforce will overwrite arbitrary user files if instructed to do so by the Perforce server. An advisory on the security mailing list Full Disclosure explains that a manipulated server could, by modifying the ~/.bashrc on a Linux client for example, execute arbitrary commands with user privileges. According to the advisory, the vulnerability represents a design flaw in the client, which affects all operating system platforms and probably also older versions of the software.
Perforce clients apparently have no mechanism for restricting the server's write access to specific folders. The argument that servers are always trustworthy is inadequate, according to a revised version of the advisory which heise Security has seen: an attacker could, for example, intervene in the communication between client and server by compromising a Perforce server or by diverting DNS queries.
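The kind of confinement check the article says the client lacks, as an added example that is neither Perforce's code nor part of the advisory: every server-supplied path is resolved and honoured only if it still lies under the workspace root, so a path such as `../.bashrc` is refused. The workspace root and the server-sent paths are constructed sample values.

```python
import os
from pathlib import Path
from typing import List, Optional

# Constructed sample data (not from the advisory): a client workspace root and
# file paths as a manipulated server might send them during a sync.
WORKSPACE_ROOT = "/home/alice/p4ws"
SERVER_PATHS = [
    "src/main.c",            # ordinary workspace file: allowed
    "../.bashrc",            # escapes to the home directory: rejected
    "/home/alice/.bashrc",   # absolute path outside the root: rejected
    "docs/../src/util.c",    # '..' that stays inside the root: allowed
    "src/./cfg/../a.h",      # noisy but inside the root: allowed
]


def confine_to_root(root: str, server_path: str) -> Optional[Path]:
    """Return the resolved write target if it lies under root, else None.

    A server-supplied path is only honoured when, after resolving '..'
    components and any symlinks that already exist on disk, it is still
    inside the workspace: server data never decides where outside the
    root a file is written.
    """
    if os.path.isabs(server_path):
        return None                      # the server may not name absolute paths
    root_resolved = Path(root).resolve()
    candidate = (root_resolved / server_path).resolve()
    # commonpath compares whole path components, so /home/alice/p4ws2 is not
    # mistaken for a child of /home/alice/p4ws.
    if os.path.commonpath([root_resolved, candidate]) != str(root_resolved):
        return None
    return candidate


def allowed_targets(root: str, paths: List[str]) -> List[str]:
    """Filter server-supplied paths down to those safe to write, as root-relative strings."""
    root_resolved = Path(root).resolve()
    out = []
    for p in paths:
        target = confine_to_root(root, p)
        if target is not None:
            out.append(os.path.relpath(target, root_resolved))
    return out


if __name__ == "__main__":
    for p in SERVER_PATHS:
        print(f"{p!r:24} -> {confine_to_root(WORKSPACE_ROOT, p)}")
```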
Whether and how the manufacturer will resolve the problem is hard to foresee. Since it relates to comprehensive changes in program design, a fix is unlikely to be available shortly. A temporary workaround for Linux clients would be to run them in a chroot environment.