Bug#286392: autopoint: Insecure temporary directory usage (fwd)
From: Santiago Vila
Subject: Bug#286392: autopoint: Insecure temporary directory usage (fwd)
Date: Mon, 20 Dec 2004 01:28:38 +0100 (CET)
Hello.
Received this from the Debian bug system.
---------- Forwarded message ----------
From: Javier Fernández-Sanguino Peña <address@hidden>
To: address@hidden
Date: Mon, 20 Dec 2004 00:49:41 +0100
Subject: Bug#286392: autopoint: Insecure temporary directory usage
Package: gettext
Version: 0.14.1-6
Priority: normal
Tags: security
The autopoint script does not protect itself from temporary directory
attacks. Even though it creates a temporary directory and will abort
if it exists, the directory itself is not safe (depends on the user's
umask) and symlink attacks can be used against the directory contents
through race conditions. For example, consider the possibility of a
user with an "open" umask that creates files writable by his group,
a member of the same group could create a CVS directory in autopoint's
directory and have symlinks from common CVS files there (CVSRoot) to
other files to force a symlink attack to files the user might not have
access and belong to the user running the script.
The attached patch tries to prevent this by using safer umask settings
when creating the temporary directories.
Regards
Javier
PS: I initially reported this to the security team back in June,
but have not found time to follow up on this issue until today.
Security team, please check
Resent-Message-ID: <address@hidden>
--- autopoint.orig 2004-12-20 00:44:05.000000000 +0100
+++ autopoint 2004-12-20 00:44:48.000000000 +0100
@@ -310,6 +310,8 @@
# - work_dir directory containing the temporary checkout
cvs_dir=tmpcvs$$
work_dir=tmpwrk$$
+um=`umask`
+umask 077
mkdir "$cvs_dir"
if [ $? -ne 0 ]; then
echo "ERROR making $cvs_dir"
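Review bot: The `umask 077` added before `mkdir "$cvs_dir"` stays in force for every command up to the `umask $um` in the next hunk, and the two lines have to be kept in sync by hand. Scoping the change to the call, for example `(umask 077 && mkdir "$cvs_dir")`, gives the same 0700 directory without the saved `um` variable. Separately, `cvs_dir=tmpcvs$$` and `work_dir=tmpwrk$$` remain PID-derived names in the current directory, so a pre-existing entry with that name still sends the script down the `ERROR making` abort path; the patch narrows access to the directory but does not change that.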
@@ -320,6 +322,7 @@
echo "ERROR making $work_dir"
exit 1
fi
+umask $um
CVSROOT="$srcdir/$cvs_dir"
export CVSROOT
unset CVS_CLIENT_LOG
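Review bot: `umask $um` expands the saved value unquoted and relies on the short, generic name `um` not being reused elsewhere in the script; `umask "$um"` with a more specific variable name is safer. It would also help to add a comment at this line stating that files written under `$cvs_dir` and `$work_dir` from here on are created with the caller's original umask and are protected only by the 0700 mode of the directories themselves, so that a later change does not relax the directory mode.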
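The umask dependence described in the report, as an added example that is not part of the original message or of autopoint: a directory made under an "open" umask of 002 is group-writable, while the same `mkdir` run under umask 077 in a subshell is private and leaves the caller's umask alone. The helper names (`dir_mode`, `make_private_dir`, `demo`) and the directory names are hypothetical.

```shell
#!/bin/sh
# Added illustration; helper and directory names are hypothetical, not autopoint's.

# Print the type and permission bits of a path as ls shows them, e.g. "drwx------".
dir_mode() {
    ls -ld "$1" | cut -c1-10
}

# Create directory $1 with mode 0700 whatever the caller's umask is.
# The umask change lives in a subshell, so the caller's umask is untouched.
make_private_dir() {
    # mkdir fails if the name already exists, symlinks included.
    ( umask 077 && mkdir "$1" ) || return 1
    # Defensive re-check: a real directory, not a symlink, no group/other bits.
    if [ ! -d "$1" ] || [ -L "$1" ]; then
        return 1
    fi
    [ "$(dir_mode "$1")" = "drwx------" ]
}

# Contrast a directory made under an "open" umask (002) with the private helper.
demo() {
    base=$(mktemp -d) || return 1
    ( umask 002 && mkdir "$base/tmpcvs_open" ) || return 1
    open_mode=$(dir_mode "$base/tmpcvs_open")
    make_private_dir "$base/tmpcvs_private" || return 1
    private_mode=$(dir_mode "$base/tmpcvs_private")
    rm -rf "$base"
    echo "open=$open_mode private=$private_mode"
}

demo
```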