Package: mutt
Version: 1.5.23-3
Tags: security

This is how smime_keys creates temporary files:

    my $file = sprintf( '/tmp/smime-%d.%d', $$, int(rand( 999999 ) ) );
    print STDERR "TMPFILE: $file\n";
    if ( -e $file ) {
        die( "ERROR: TMPFILE $file existss?!?!" );
    }
    open OUT, ">$file";
    print OUT $cert;
    close OUT;

The filename is not very random (just ~20 bits of entropy, because pids
are predictable); and there's a race window between the check of the
file existence and the file creation, in which a local attacker could
create the file.

Please use the File::Temp module for securely creating temporary files.
(Or maybe use pipes, instead of temporary files, for communicating with
openssl.)

--
Jakub Wilk
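
The File::Temp approach suggested in the report, as an added example (not code from mutt or from the reporter). The helper name write_tmp, the template 'smime-XXXXXXXXXX' and the placeholder certificate text are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp ();

# Constructed sample input; stands in for the PEM data smime_keys writes out.
my $cert = "-----BEGIN CERTIFICATE-----\n"
         . "(constructed placeholder)\n"
         . "-----END CERTIFICATE-----\n";

# Hypothetical helper: write $data to a fresh temporary file and return
# the File::Temp object. File::Temp picks an unpredictable name and
# creates the file with O_CREAT|O_EXCL and mode 0600, so a file or
# symlink planted at that path makes creation fail instead of being
# written through.
sub write_tmp {
    my ($data) = @_;
    my $tmp = File::Temp->new(
        TEMPLATE => 'smime-XXXXXXXXXX',
        TMPDIR   => 1,    # honour $TMPDIR, fall back to /tmp
        UNLINK   => 1,    # removed when $tmp goes out of scope
    );
    print {$tmp} $data or die "write to $tmp failed: $!";
    $tmp->flush        or die "flush of $tmp failed: $!";
    return $tmp;
}

my $tmp  = write_tmp($cert);
my $mode = ( stat( $tmp->filename ) )[2] & 07777;
printf STDERR "TMPFILE: %s (mode %04o)\n", $tmp->filename, $mode;

# What closes the race window: the existence check and the creation are
# one atomic step. A second exclusive create of the same path is refused
# because the file already exists.
if ( sysopen( my $fh, $tmp->filename, O_WRONLY | O_CREAT | O_EXCL, 0600 ) ) {
    die "unexpected: O_EXCL open succeeded on an existing file";
}
else {
    print STDERR "second O_EXCL create refused: $!\n";
}

# Hand $tmp->filename to the external command (e.g. openssl) while $tmp
# is still in scope; the file is unlinked automatically afterwards.
```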