[Duplicity-tracker] [patch #6285] security fix: eliminate use of mktemp(
From: Peter Schuller
Subject: [Duplicity-tracker] [patch #6285] security fix: eliminate use of mktemp()
Date: Mon, 26 Nov 2007 19:49:02 +0000
User-agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.8.1.8) Gecko/20071030 Firefox/2.0.0.8
URL:
<http://savannah.nongnu.org/patch/?6285>
Summary: security fix: eliminate use of mktemp()
Project: duplicity
Submitted by: scode
Submitted on: Monday 11/26/2007 at 19:49
Category: None
Priority: 5 - Normal
Status: None
Privacy: Public
Assigned to: None
Originator Email:
Open/Closed: Open
Discussion Lock: Any
_______________________________________________________
Details:
The attached patch eliminates the use of mktemp(), in favor of mkdtemp() and
mkstemp().
Two notes:
(1) With the tempfiles, I do an open/close in order to keep the semantics of
passing on filenames to other places. In the case of TempDupPath I wanted to
avoid having to also make changes to the gzip/gpg code (because
filtered_open() passes the filename).
It may be that this is not a big issue, but right now I wanted to fix the
security problem with a minimum of possibility of breakage.
In the case of TempPath, I did it that way just to keep synchronicity with
tempDupPath.
(2) When testing the rsync specific change, I got this doing an incremental
backup after a full:
Fatal Error: Neither remote nor local manifest is readable.
However, I get this without my changes applied as well, so it does not appear
to be introduced by this patch.
In one case, I did this to avoid having to "cascade" the changes down into
gzip/gpg code, and in the
_______________________________________________________
File Attachments:
-------------------------------------------------------
Date: Monday 11/26/2007 at 19:49 Name: duplicity_elimmktemp.patch Size: 2kB
By: scode
<http://savannah.nongnu.org/patch/download.php?file_id=14488>
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/patch/?6285>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
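
The pattern described in note (1) above, create the file with mkstemp(), close it, and pass the name on, sketched in Python as an added example (not code from the attached patch or from duplicity). The helper names, the (device, inode) check when the name is reopened, and the sample data are assumptions made for illustration.

```python
import os
import shutil
import stat
import tempfile


def reserve_temp_path(directory):
    """mkstemp() creates the file with O_CREAT|O_EXCL, mode 0600; close it and
    hand back the name plus (device, inode) so a later open can be verified."""
    fd, path = tempfile.mkstemp(prefix="example-", dir=directory)
    st = os.fstat(fd)
    os.close(fd)
    return path, (st.st_dev, st.st_ino)


def open_reserved(path, ident):
    """Reopen a reserved name for writing; refuse a symlink or a swapped file."""
    # No O_CREAT: the file must already exist. O_NOFOLLOW is absent on Windows.
    fd = os.open(path, os.O_WRONLY | getattr(os, "O_NOFOLLOW", 0))
    st = os.fstat(fd)
    if (st.st_dev, st.st_ino) != ident or not stat.S_ISREG(st.st_mode):
        os.close(fd)
        raise RuntimeError("temp file was replaced: " + path)
    return os.fdopen(fd, "wb")


def demo():
    """Run the pattern in a private mkdtemp() directory and report results."""
    workdir = tempfile.mkdtemp(prefix="example-dir-")  # created with mode 0700
    try:
        path, ident = reserve_temp_path(workdir)
        result = {
            "dir_mode": stat.S_IMODE(os.stat(workdir).st_mode),
            "file_mode": stat.S_IMODE(os.stat(path).st_mode),
        }
        with open_reserved(path, ident) as f:
            f.write(b"constructed sample data")
        result["size"] = os.path.getsize(path)
        # Constructed tamper case: a different file is renamed over the name.
        other, _ = reserve_temp_path(workdir)
        os.replace(other, path)
        try:
            open_reserved(path, ident).close()
            result["swap_detected"] = False
        except RuntimeError:
            result["swap_detected"] = True
        return result
    finally:
        shutil.rmtree(workdir)
```

Unlike a name returned by mktemp(), the reserved path already exists with owner-only permissions when it is handed to other code, so a consumer that opens it by name never creates the file itself.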