Package: comix
Version: 3.6.4-1
Severity: grave
Justification: user security hole
Tags: security
/usr/bin/comix, line 10494:

        # =======================================================
        # Create the temporary directory used in this Comix session.
        # The dir is /tmp/comix/<num> where <num> is 1 or higher
        # depending on the number of Comix sessions opened.
        # =======================================================
        if not os.path.exists('/tmp/comix/'):
            os.makedirs('/tmp/comix/')
            os.chmod('/tmp/comix/', 0700)
        dir_number = 1
        while 1:
            if not os.path.exists('/tmp/comix/' + str(dir_number)):
                os.mkdir('/tmp/comix/' + str(dir_number))
                os.chmod('/tmp/comix/' + str(dir_number), 0700)
                self.base_dir = '/tmp/comix/' + str(dir_number) + '/'
                break
            dir_number += 1
Completely predictable filenames and chmodding after creation open this up
to a symlink attack.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (700, 'testing'), (500, 'stable'), (400, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.22-3-686 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages comix depends on:
ii gconf2 2.20.1-2 GNOME configuration database syste
ii python 2.4.4-6 An interactive high-level object-o
ii python-gtk2 2.12.1-1 Python bindings for the GTK+ widge
ii python-imaging 1.1.6-1 Python Imaging Library
comix recommends no packages.
-- no debconf information
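The following is an added example and is not part of the bug report or of comix itself. It shows how the session-directory creation quoted above can be written without the two weaknesses the report names: the name is unpredictable, the directory is created with mode 0700 in the same mkdir() call (no separate chmod() for a planted symlink to redirect), and the exists()/mkdir() check-then-act window is gone because tempfile.mkdtemp() simply retries when the name is taken. The function names and the decoy-symlink check are my own; the code is Python 3 and POSIX-only (os.geteuid()).

```python
# Added example, not comix code: unpredictable, atomically-private session dir
# in place of /tmp/comix/<num> + chmod. Function names are this example's own.
import os
import shutil
import stat
import tempfile


def make_session_dir(prefix="comix-"):
    """Create a private per-session directory.

    tempfile.mkdtemp() draws a random name, calls os.mkdir(name, 0o700) and
    retries on EEXIST. There is no exists()/mkdir() race and no follow-up
    chmod() that could follow a symlink an attacker swapped in.
    """
    return tempfile.mkdtemp(prefix=prefix)


def verify_session_dir(path):
    """Return True only for a real directory (not a symlink) owned by the
    current user with mode exactly 0700. lstat() reports a symlink instead
    of following it, which is what defeats a planted link."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return False
    return (stat.S_ISDIR(st.st_mode)
            and st.st_uid == os.geteuid()
            and stat.S_IMODE(st.st_mode) == 0o700)


def remove_session_dir(path):
    """Tear the session directory down, refusing to operate through a symlink."""
    if os.path.islink(path):
        raise RuntimeError("refusing to remove through a symlink: %s" % path)
    shutil.rmtree(path)


def session_dir_roundtrip():
    """Create, check and remove one session directory.

    Returns (fresh_dir_ok, decoy_symlink_rejected, gone_after_removal).
    The decoy stands in for an attacker's symlink at a predictable path;
    verify_session_dir() must reject it even though it points at a valid dir.
    """
    path = make_session_dir()
    try:
        fresh_ok = verify_session_dir(path)
        decoy = path + "-decoy"          # constructed stand-in for the planted link
        os.symlink(path, decoy)
        try:
            decoy_rejected = not verify_session_dir(decoy)
        finally:
            os.unlink(decoy)
    finally:
        remove_session_dir(path)
    return fresh_ok, decoy_rejected, not verify_session_dir(path)


if __name__ == "__main__":
    print(session_dir_roundtrip())
```

Using a private directory under the user's own temp dir (or $XDG_RUNTIME_DIR) rather than a shared, world-known /tmp/comix/ also removes the case where an attacker owns the parent and can rename the freshly made session directory away between mkdir() and chmod().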