Your message dated Wed, 16 Jul 2008 12:45:56 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Re: gsambad: Improved patch for CVE-2007-2838
has caused the Debian Bug report #433518,
regarding gsambad: Improved patch for CVE-2007-2838
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
433518: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433518
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: gsambad
Version: 0.1.6-2
Severity: normal
Tags: patch
Hello,
I've prepared updates of gsambad for Ubuntu edgy and feisty based on the
Debian fix for this CVE. Kees Cook (member of the Ubuntu security team)
reviewed the proposed updates and was unhappy with the fix. He proposed
to use mkstemp() to create the tmp file.
Attached is the improved dpatch which was used in the Ubuntu updates.
See also http://launchpad.net/bugs/124629
Regards,
Michael
#! /bin/sh /usr/share/dpatch/dpatch-run
## 04-cve-2007-2838.dpatch by Michael Bienia <[EMAIL PROTECTED]>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: CVE-2007-2838: Unsafe tmp file usage.
@DPATCH@
diff -urNad gsambad-0.1.6~/src/populate_conns.c
gsambad-0.1.6/src/populate_conns.c
--- gsambad-0.1.6~/src/populate_conns.c 2006-07-21 01:04:44.000000000 +0200
+++ gsambad-0.1.6/src/populate_conns.c 2007-07-10 18:41:47.000000000 +0200
@@ -48,6 +48,9 @@
long file_size=0, old_pos=0;
gchar *combined=NULL;
gchar *utf8=NULL;
+ char command_buffer[1024];
+ char filename[] = "/tmp/gsambad-XXXXXX";
+ int tmpfd = -1;
gtk_list_store_clear(widgets->conns_store);
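Review bot: the template in `char filename[] = "/tmp/gsambad-XXXXXX";` hard-codes /tmp, so a TMPDIR setting is ignored. Since the file already uses GLib types, consider building the template from g_get_tmp_dir() instead. Initialising `tmpfd` to -1 is fine, but the variable is only needed between mkstemp() and close(), so it could be declared closer to where it is used.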
@@ -64,8 +67,19 @@
fflush(stdin);
fflush(stdout);
- /* Write the output of smbstatus to a tempfile, FIXME: Static paths and
generally notgoodtoday */
- if((fp=popen("touch /tmp/gsambadtmp && chmod 600 /tmp/gsambadtmp &&
smbstatus 2>&1> /tmp/gsambadtmp", "w"))==NULL)
+ /* make a secure temporary file */
+ tmpfd = mkstemp(filename);
+ if (tmpfd < 0) {
+ perror("Couldn't create safe tmp file");
+ return;
+ }
+ close(tmpfd);
+
+ /* Write the output of smbstatus to a tempfile. */
+ snprintf( command_buffer, sizeof(command_buffer) - 1,
+ "smbstatus 2>&1> %s", filename );
+
+ if((fp=popen(command_buffer, "w"))==NULL)
{
/* Dont show a popup */
return;
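Review bot: the `return` in the popen() failure branch leaves the file created by mkstemp() behind in /tmp; add `unlink(filename);` before that return, and on every later exit path that is done with the file. After `close(tmpfd);` the file is reopened by name by the shell that popen() starts, so keeping the descriptor open and reading from it would avoid going back through the path at all. Two smaller points: `sizeof(command_buffer) - 1` is unnecessary because snprintf() always NUL-terminates within the size it is given, and `2>&1> %s` sends only stdout to the file, because stderr is duplicated before stdout is redirected. Use `> %s 2>&1` if both streams are meant to be captured.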
@@ -73,7 +87,7 @@
pclose(fp);
/* We want it in a tempfile so we can scroll around in it properly */
- if((fp=fopen("/tmp/gsambadtmp", "r"))==NULL) // FIXME: Static paths
+ if((fp=fopen(filename, "r"))==NULL) // FIXME: Static paths
{
/* Dont show a popup */
return;
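Review bot: the added `fopen(filename, "r")` line still carries the comment `// FIXME: Static paths`, which no longer applies now that the name comes from mkstemp(); drop it. The `return` in this failure branch also leaves the temporary file in place, so call `unlink(filename);` before returning.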
--- End Message ---
--- Begin Message ---
Hi,
Upstream took that patch over some time ago. Closing this bug report.
Regards,
Daniel
--
Address: Daniel Baumann, Burgunderstrasse 3, CH-4562 Biberist
Email: [EMAIL PROTECTED]
Internet: http://people.panthera-systems.net/~daniel-baumann/
--- End Message ---