-------- Forwarded Message --------
From: Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]>
To: Thomas Hood <[EMAIL PROTECTED]>
Subject: Re: Possible alsaconf fix
Date: Wed, 9 Feb 2005 20:44:25 +0100

On Wed, Feb 09, 2005 at 02:00:46PM +0100, Thomas Hood wrote:
> How about this?
>
> #! /bin/sh /usr/share/dpatch/dpatch-run
> ## 20_write_tmp_file_safely.dpatch by <[EMAIL PROTECTED]>
> ##
> ## All lines beginning with `## DP:' are a description of the patch.
> ## DP: Initialize card database file in /var/tmp/ safely
>
> @DPATCH@
> diff -urNad
> alsa-utils-1.0.8/alsaconf/alsaconf.in
> /tmp/dpep.LM8CdC/alsa-utils-1.0.8/alsaconf/alsaconf.in
> --- alsa-utils-1.0.8/alsaconf/alsaconf.in 2005-02-09
> 12:35:32.000000000 +0100
> +++ /tmp/dpep.LM8CdC/alsa-utils-1.0.8/alsaconf/alsaconf.in 2005-02-09
> 13:54:19.000000000 +0100
> @@ -513,8 +513,11 @@
> fi
> fi
> if [ $use_modinfo_db = 1 ]; then
> - xecho "Building card database.."
> - build_card_db $CARDID_DB
> + if CARDID_DB_TMP="$(mktemp -q ${CARDID_DB}.XXXXXX)" &&
> [ "$CARDID_DB_TMP" ] ; then
> + xecho "Building card database.."
> + mv -f $CARDID_DB_TMP $CARDID_DB
> + build_card_db $CARDID_DB
> + fi
> fi
> if [ ! -r $CARDID_DB ]; then
> xecho "No card database is found.."
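Review bot: the two added lines are in the wrong order: `mv -f $CARDID_DB_TMP $CARDID_DB` runs before `build_card_db $CARDID_DB`, so the still-empty mktemp file is renamed onto the final path and the database is then written at the predictable $CARDID_DB anyway, which is exactly what the temp file was meant to avoid; build into "$CARDID_DB_TMP" first and rename it onto "$CARDID_DB" last. The `$CARDID_DB`, `${CARDID_DB}.XXXXXX` and `$CARDID_DB_TMP` expansions should also be quoted, and if something other than a regular file already exists at $CARDID_DB, `mv -f` will move the temp file into (for a directory) or over it instead of failing, so that case needs a check before the rename; the later `[ ! -r $CARDID_DB ]` test does not catch it.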
A quick look: If a user created a CARDID_DB directory, then you will be moving the file _into_ the directory and he can, effectively, DOS the application or have unexpected consequences (notice that [ -r CARDID_DB ] would be true, even if it's a directory).

How about using a file at /var/cache/alsaconf/ and create that directory in the package so that only root can access it? Why create the file at /var/tmp/ at all?

Regards

Javier

--
Thomas Hood <[EMAIL PROTECTED]>
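The pattern under discussion (build into a mktemp sibling, then rename onto the final path, refusing a pre-existing directory or symlink at the target), as an added example that is not part of the patch or of alsa-utils; build_card_db and the file contents here are constructed stand-ins.

```shell
#!/bin/sh
# Added example: safe creation of a card database file. build_card_db is a
# constructed stand-in for the real alsaconf function; it just writes one line.

build_card_db() {
    # constructed content; the real function writes modinfo output here
    printf 'snd-intel8x0 0x8086:0x24c5\n' > "$1"
}

# safe_write_card_db TARGET
# Returns 0 on success, 1 if the target path is unsafe or the build fails.
safe_write_card_db() {
    target=$1
    dir=$(dirname "$target")
    # Refuse anything at the target that is not a plain regular file:
    # mv -f onto a directory moves the temp file *into* it (the DoS case
    # raised in the reply), and a symlink would redirect the final write.
    if [ -e "$target" ] && [ ! -f "$target" ] || [ -L "$target" ]; then
        echo "refusing: $target is not a regular file" >&2
        return 1
    fi
    # Create the temp file in the same directory so the final mv is a rename
    # on one filesystem, and quote every expansion (the patch did not).
    tmp=$(mktemp -q "$dir/.cardid.XXXXXX") || return 1
    # Build first, rename second: nothing is ever written at the predictable
    # final path; it only appears there once the content is complete.
    if ! build_card_db "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    mv -f "$tmp" "$target"
}
```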