Bug#294128: [Fwd: Re: Possible alsaconf fix]

[Thomas Hood]

-------- Forwarded Message --------
From: Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]>
To: Thomas Hood <[EMAIL PROTECTED]>
Subject: Re: Possible alsaconf fix
Date: Wed, 9 Feb 2005 20:44:25 +0100
On Wed, Feb 09, 2005 at 02:00:46PM +0100, Thomas Hood wrote:
> How about this?
> 
> #! /bin/sh /usr/share/dpatch/dpatch-run
> ## 20_write_tmp_file_safely.dpatch by  <[EMAIL PROTECTED]>
> ##
> ## All lines beginning with `## DP:' are a description of the patch.
> ## DP: Initialize card database file in /var/tmp/ safely
> 
> @DPATCH@
> diff -urNad
> alsa-utils-1.0.8/alsaconf/alsaconf.in 
> /tmp/dpep.LM8CdC/alsa-utils-1.0.8/alsaconf/alsaconf.in
> --- alsa-utils-1.0.8/alsaconf/alsaconf.in       2005-02-09
> 12:35:32.000000000 +0100
> +++ /tmp/dpep.LM8CdC/alsa-utils-1.0.8/alsaconf/alsaconf.in      2005-02-09 
> 13:54:19.000000000 +0100
> @@ -513,8 +513,11 @@
>         fi
>      fi
>      if [ $use_modinfo_db = 1 ]; then
> -       xecho "Building card database.."
> -       build_card_db $CARDID_DB
> +       if CARDID_DB_TMP="$(mktemp -q ${CARDID_DB}.XXXXXX)" &&
> [ "$CARDID_DB_TMP" ] ; then
> +               xecho "Building card database.."
> +               mv -f $CARDID_DB_TMP $CARDID_DB
> +               build_card_db $CARDID_DB
> +       fi
>      fi
>      if [ ! -r $CARDID_DB ]; then
>         xecho "No card database is found.."

A quick look: If a user created a CARDID_DB directory, then you will be
moving the file _into_ the directory and he can, effectively, DOS the
application or have unexpected consequences (notice that [ -r CARDID_DB ]
would be true, even if it's a directory)

How about using a file at /var/cache/alsaconf/ and create that directory in 
the package so that only root can access it? Why create the file at 
/var/tmp/ at all?

Regards

Javier
-- 
Thomas Hood <[EMAIL PROTECTED]>