#44 Some scripts appear to be using temporary files insecurely

release 1.1.1
open
nobody
None
5
2011-05-11
2011-05-11
No

Hello,
A few scripts appear to be using temporary files insecurely:

$ grep -r -E '[^a-z]/tmp/.*$$' .
./doc/cheatsheets/making_a_release: $ ./make_release 1.0.3 > /tmp/make_release.out 2>&1 &
./doc/cheatsheets/making_a_release: $ tail -f /tmp/make_release.out
./doc/cheatsheets/web.upload:./make_doc_tarball /tmp/pyke.html.tar
./doc/cheatsheets/web.upload:scp /tmp/pyke.html.tar mtnyogi@web.sourceforge.net:
./doc/cheatsheets/web.upload:rm /tmp/pyke.html.tar
./doc/source/bin/make_sitemap:STATUS_FILE=/tmp/make_sitemap.$$
./doc/source/bin/add_links:TMP_FILE=/tmp/add_links.$$
./make_release:TMPFILE=/tmp/make_release.$$
./testpyke:TMP1=/tmp/testpyke1.$$
./testpyke:TMP2=/tmp/testpyke2.$$
./testpyke:TMP3=/tmp/testpyke3.$$

These files have predictable names, which can be exploited by an
attacker to overwrite arbitrary files or cause other kinds of DoS.

The problem can be avoided using mktemp.

Kind regards,
Daniele Tricoli
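The mktemp-based fix the report recommends, as an added example that is not part of the Pyke project or of the patch attached below: the predictable `/tmp/name.$$` pattern from `testpyke` and `make_release` is shown beside a hardened version, together with a defensive check a script can run before trusting a temp path. It assumes a POSIX sh with `mktemp`, `ls`, `id`, `cut` and `tr` available; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not Pyke project code: the predictable temp-file pattern the
# ticket flags next to a hardened version built on mktemp(1). Assumes POSIX sh
# with mktemp, ls, id, cut and tr available.

# Insecure: the name is derived from the PID, so another local user can guess
# it and pre-create the path (or a symlink to a victim file) before the script
# opens it; the script then follows the symlink or reuses attacker-owned data.
insecure_tmp_name() {
    echo "/tmp/testpyke1.$$"
}

# Hardened: mktemp creates the file atomically with mode 0600 and a random
# suffix, and fails instead of reusing an existing path. TMPDIR is honoured so
# the file can be moved off a shared /tmp entirely.
secure_tmp_file() {
    mktemp "${TMPDIR:-/tmp}/testpyke.XXXXXX"
}

# Defensive check before using a temp path: it must be a regular file (not a
# symlink), owned by the caller, and not readable or writable by group/other.
# Returns 0 if all hold, 1 otherwise.
check_tmp_file() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    # ls -ld prints "-rw------- 1 owner group ..."; field 3 is the owner and
    # characters 5-10 of field 1 are the group and other permission bits.
    set -- $(ls -ld "$f")
    perms=$(echo "$1" | cut -c5-10)
    owner=$3
    [ "$owner" = "$(id -un)" ] || return 1
    [ "$perms" = "------" ] || return 1
    return 0
}

# How the scripts in the ticket could use it: create the file, arrange cleanup
# if the script is interrupted, verify it, write to it, read it back, remove it.
# Prints the number of lines that were written.
with_secure_tmp() {
    tmp=$(secure_tmp_file) || return 1
    trap 'rm -f "$tmp"' INT TERM HUP
    check_tmp_file "$tmp" || { rm -f "$tmp"; return 1; }
    printf 'line one\nline two\n' > "$tmp"
    wc -l < "$tmp" | tr -d ' '
    rm -f "$tmp"
}
```

The check is belt-and-braces: `mktemp` already guarantees a fresh, private file, but running `check_tmp_file` catches the case where a later refactor reintroduces a hand-built path or a `chmod` loosens the mode.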

Discussion

  • Daniele Tricoli

    Daniele Tricoli - 2011-05-11

    I have attached a patch for add_links script.

     
