#179 insecure tmp usage in xdvizilla

incorrect behaviour
closed-fixed
5
2003-09-26
2003-09-25
Anonymous
No

I was asked by Thomas Esser to report this here.

xdvizilla appears to have unsafe tmp file usage. Notice:

FILE=/tmp/xdvizilla$$
gunzip -c "$1" > $FILE

FILE=/tmp/xdvizilla$$
uncompress -c "$1" > $FILE

I am reed @ reedmedia.net

I reported this to the tetex list (which I subscribed to
but don't seem to get any messages back from).

Discussion

  • Stefan Ulrich

    Stefan Ulrich - 2003-09-25

    Thanks for the bug report! I'll forward this to Paul as well.

    Additional suggestions that Thomas Esser sent me by email:

    - He recommends the following method of creating temp files
    in shell scripts (see also fmtutil):

    progname=xdvizilla
    tmpdir=${TMP-/tmp}/$progname.$$
    # umask in a subshell: the directory is created mode 700 without
    # changing the caller's umask; mkdir fails if the path already exists
    (umask 077; mkdir "$tmpdir") ||
      { echo "$progname: cannot create directory $tmpdir" >&2; exit 1; }

    then use $tmpdir/any-file. The umask makes sure that nobody
    else can write to $tmpdir, and creation with mkdir is atomic.

    - trap Ctrl-C etc. to remove $tmpdir

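    The recipe above as a complete script (an added example, not xdvizilla's own code): the directory is created atomically with mode 700, a trap removes it on exit and on Ctrl-C, and a small check confirms the result is really private. The names make_private_tmpdir, check_private_dir and the progname value are this example's own.

```shell
#!/bin/sh
# Added example, not xdvizilla's own code: the tempdir recipe from the
# comment above (umask 077 + atomic mkdir + trap) as reusable functions,
# plus a check that the resulting directory is really private.
# Names (make_private_tmpdir, check_private_dir, tmpdir) are this
# example's own assumptions, not xdvizilla's.

progname=xdvizilla-example

# Creates the per-process directory and leaves its path in $tmpdir.
# mkdir either creates a brand-new directory or fails: an entry that
# already exists at that path (file, directory or symlink left there by
# someone else) is never reused or followed, unlike "> /tmp/name$$".
# umask runs in a subshell so the caller's umask is left unchanged.
make_private_tmpdir() {
    tmpdir="${TMP-/tmp}/$progname.$$"
    (umask 077; mkdir "$tmpdir") || {
        echo "$progname: cannot create directory $tmpdir" >&2
        return 1
    }
    # Remove the directory on normal exit and on HUP, INT (Ctrl-C), TERM.
    trap 'rm -rf "$tmpdir"' 0 1 2 15
}

# Returns 0 only if $1 is a real directory (not a symlink) with mode 0700,
# i.e. readable, writable and searchable by its owner alone. The first ten
# characters of "ls -ld" output are the same across ls implementations.
check_private_dir() {
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c1-10)" = "drwx------" ]
}

# Typical use: every scratch file lives below $tmpdir instead of being
# written straight to a predictable name in /tmp.
if make_private_tmpdir; then
    check_private_dir "$tmpdir" || exit 1
    printf 'scratch data\n' > "$tmpdir/any-file"
    echo "working in $tmpdir"
fi
```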
     
  • Stefan Ulrich

    Stefan Ulrich - 2003-09-25
    • assigned_to: nobody --> stefanulrich
     
  • Stefan Ulrich

    Stefan Ulrich - 2003-09-25
    • summary: insecure tmp usage in script --> insecure tmp usage in xdvizilla
     
  • Stefan Ulrich

    Stefan Ulrich - 2003-09-26
    • labels: 317805 --> file handling
    • status: open --> closed-fixed
     
  • Stefan Ulrich

    Stefan Ulrich - 2003-09-26

    Fixed in revisions 1.3 (HEAD), 1.1.2.2 (22_40_STABLE) and
    1.2.2.1 (STABLE).

    (Please note that it may take up to 24h for these changes to
    appear in the public CVS).

     
