[Compilercache-general] security problem with compilercache
Brought to you by:
erikyyy
Menu
▾
▴
[Compilercache-general] security problem with compilercache
|
From: Jochen V. <jv...@we...> - 2001-10-28 22:48:57
|
Hello, I got a bug report for the debian package of compilercache. Compilercache creates files in /tmp in an insecure way. By creating symlinks a malicous user may trick you into overwriting any of your files. I append the bug report below. This should really be fixed. Jochen ----- Forwarded message from Eduard Bloch <bl...@de...> ----- Subject: Bug#117426: compilercache: insecure temp files From: Eduard Bloch <bl...@de...> To: Debian Bug Tracking System <su...@bu...> Date: Sun, 28 Oct 2001 20:15:16 +0100 Package: compilercache Version: 1.0.9-1 Severity: grave Tags: patch Justification: user security hole I just noticed that compilercache stores the tempfiles in /tmp. But it does either use really random names (*), nor does it check the files before writ= ting to them. This makes it possible for users to create symlinks to everything = they want and that file would be trashed. Or insert some malicious code in root's build. (*) It is very easy to prognose the filename since the PID is used. The fix is quite easy: use the $RANDOM variable like in the attached patch (this is still not very secure, but better than PID), or use `tempfile` for creating a uniq filename. 236c236 < FASTTMPFILE=3D/tmp/compilercache_$$ --- > FASTTMPFILE=3D/tmp/compilercache_$RANDOM Gruss/Regards, Eduard. ----- End forwarded message ----- |
