tag 329053 patch thanks Hi!
Joey posted a patch on full-disclosure, which looks fine. Martin ----- Forwarded message from Joey Schulze <[EMAIL PROTECTED]> ----- Date: Tue, 20 Sep 2005 20:23:30 +0200 From: Joey Schulze <[EMAIL PROTECTED]> To: [email protected] Cc: Subject: [Full-disclosure] Re: arc insecure temporary file creation X-Spam-Status: No, score=0.1 required=4.0 tests=AWL,BAYES_50 autolearn=no version=3.0.3 ZATAZ Audits wrote: > The vulnerability is caused due to temporary file being created insecurely. > The temporary file used for archive creation could be read by untrusted > users. This is not just an information leak, but also a symlink vulnerability since the temporary file is created without ensuring that either it does not exist before or is owned by the same user, while it is placed in a usually publically writable directory. The following patch should fix both issues. --- arcsvc.c~ 2005-03-13 16:48:09.000000000 +0100 +++ arcsvc.c 2005-09-17 09:41:51.000000000 +0200 @@ -17,6 +17,9 @@ Computer Innovations Optimizing C86 */ #include <stdio.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <fcntl.h> #include "arc.h" #if _MTS #include <mts.h> @@ -52,7 +55,12 @@ openarc(chg) /* open archive */ } #endif if (chg) { /* if opening for changes */ - if (!(new = fopen(newname, OPEN_W))) + int fd; + + if ((fd = open(newname, O_CREAT|O_EXCL|O_RDWR, S_IREAD|S_IWRITE)) == -1) + arcdie("Cannot create archive copy: %s", newname); + + if (!(new = fdopen(fd, OPEN_W))) arcdie("Cannot create archive copy: %s", newname); changing = chg; /* note if open for changes */ Regards, Joey -- Linux - the choice of a GNU generation. Please always Cc to me when replying to me on the lists. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ----- End forwarded message ----- -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntulinux.org Debian Developer http://www.debian.org
signature.asc
Description: Digital signature

