On Tue, 11 Jul 2006, Dominik Vogt wrote:
> On Tue, Jul 11, 2006 at 10:16:09AM -0500, fvwm-workers wrote:
> > CVSROOT: /home/cvs/fvwm
> > Module name: fvwm
> > Changes by: griph 06/07/11 10:16:09
> > Modified files:
> > . : ChangeLog NEWS configure.ac
> > modules : ChangeLog
> > modules/FvwmCommand: FvwmCommand.1.in FvwmCommand.c
> > FvwmCommandS.c fifos.c
> > Log message:
> > fix tempfile vulnerabilities in FvwmCommand (bug #2791).
>
> Can you explain what you actually did, please?

Sure.

First: When deciding on the default path, the three files that are to be
used are tested with lstat (or stat if lstat is unavailable) to have the
same owner as the process owner, not have more than one hard link and not
be a directory nor a symbolic link. If any of the tests fail, the path will
be redirected to $FVWM_USERDIR instead of /var/tmp to avoid attacks
blocking the module. If some tests are impossible to do, they are
considered OK.

Second: All open() calls use O_NOFOLLOW if that flag is defined.

I believe this should be enough, but if one is really paranoid one could
add checks of the opened files in FvwmCommand.c to verify that they are
fifos with correct permissions.

/Viktor
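
The two measures described in this message, together with the post-open check it suggests, as an added C example (not FvwmCommand's code and not part of the original mail). The names `path_ok`, `open_fifo` and `demo`, the treatment of a missing file as passing, the meaning given to "correct permissions", and the temp-directory fixture are all assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
#ifndef O_NOFOLLOW
#define O_NOFOLLOW 0 /* as in the message: used only where it is defined */
#endif
/* Pre-open test (hypothetical name): 1 = usable, 0 = redirect to private dir. */
int path_ok(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0) return errno == ENOENT; /* assumed: missing is OK */
    return st.st_uid == geteuid() && st.st_nlink <= 1 &&
           !S_ISDIR(st.st_mode) && !S_ISLNK(st.st_mode);
}

/* Open without following a symlink, then verify the object actually opened.
   Assumed policy for "correct permissions": our FIFO, no group/other bits. */
int open_fifo(const char *path, int flags) {
    struct stat st;
    int fd = open(path, flags | O_NOFOLLOW | O_NONBLOCK);
    if (fd >= 0 && (fstat(fd, &st) != 0 || !S_ISFIFO(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & (S_IRWXG | S_IRWXO)))) {
        close(fd);
        fd = -1;
    }
    return fd;
}

/* Constructed fixture in a private temp dir; one result bit per check. */
int demo(void) {
    char d[] = "/tmp/fifo-ex-XXXXXX", fifo[64], lnk[64], file[64];
    int fd, bits = 0;
    if (!mkdtemp(d)) return -1;
    snprintf(fifo, sizeof fifo, "%s/fifo", d);
    snprintf(lnk, sizeof lnk, "%s/lnk", d);
    snprintf(file, sizeof file, "%s/file", d);
    if (mkfifo(fifo, 0600) || symlink(fifo, lnk)) return -1;
    if ((fd = open(file, O_CREAT | O_WRONLY, 0600)) >= 0) close(fd);
    bits |= path_ok(fifo) << 0;                    /* real FIFO passes */
    bits |= !path_ok(lnk) << 1;                    /* symlink fails the lstat test */
    if ((fd = open_fifo(fifo, O_RDONLY)) >= 0) { bits |= 1 << 2; close(fd); }
    bits |= (open_fifo(lnk, O_RDONLY) < 0) << 3;   /* refused by O_NOFOLLOW */
    bits |= (open_fifo(file, O_RDONLY) < 0) << 4;  /* regular file: not a FIFO */
    unlink(fifo); unlink(lnk); unlink(file); rmdir(d);
    return bits;
}
int main(void) { printf("checks passed: 0x%x (expect 0x1f)\n", (unsigned)demo()); return 0; }
```

The `fstat()` in `open_fifo` runs on the descriptor, so it inspects the object that was actually opened rather than whatever the path names at that moment.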