On Wed, Dec 17, 2008 at 10:29:10AM +0100, Tomas Hoger wrote:
> Hi Hamish!
> It seems that the upstream fix for this issue is far from being ideal.
> > TMP=`tempfile -d /tmp -p geo. -s .code`
> > so calling this "fixed-upstream" and hoping that tempfile is somewhat
> > portable beyond Debian.
> Any particular reason for using Debian-specific tempfile, instead of
> generally available mktemp?
> Apart from the portability issues of the fix, the fix does not address
> the flaw properly as well. Even though TMP file (never used, IIRC) is
> created in a secure way, all other temporary files are not (STYLE,
> COORDS, OUTWAY, MAP for geo-code). So when TMP is created, a local user
> can see its name and can create malicious symlinks
> TMP.style, .coords, .way, .gif before the script attempts to use them
> for the first time (or guess or brute-force TMP name in advance). You
> either have to create all temporary files using mktemp, or make TMP a
> temporary directory (or dot-directory in user's home dir and you do not
> have to care about creating it securely at all).
> There are still a few other issues in geo-nearest, like:
> cp "$GEOWAY" /tmp/geocaching.loc
A proper fix should use mkdtemp(3) and create all relevant files there.
Finally, all files could be moved into place by prechecking type, attributes
and existence of the target files.
Francesco P. Lovergine
Pkg-grass-devel mailing list
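
The approach discussed in this thread, as an added shell example (not code from the geo-* scripts or from either poster): `mktemp -d`, the shell counterpart of mkdtemp(3), creates one private directory that holds STYLE, COORDS, OUTWAY and MAP, and finished output is moved into place only after the target is checked. The function names, the `WORKDIR` variable and the `geo.XXXXXXXXXX` template are assumptions.

```shell
# Added example; make_workdir, cleanup_workdir, install_output are hypothetical names.

# Create one private directory (mode 0700) and derive every scratch file name
# from it, so no other local user can pre-create or symlink those names.
make_workdir() {
    umask 077    # files created from here on are private to this user
    WORKDIR=$(mktemp -d "${TMPDIR:-/tmp}/geo.XXXXXXXXXX") || return 1
    STYLE=$WORKDIR/style
    COORDS=$WORKDIR/coords
    OUTWAY=$WORKDIR/way
    MAP=$WORKDIR/map.gif
}

# Remove the private directory and everything in it.
cleanup_workdir() {
    [ -n "${WORKDIR:-}" ] && [ -d "$WORKDIR" ] && rm -rf -- "$WORKDIR"
    return 0
}

# Move a finished file into place after checking the target's
# type, ownership and existence.
install_output() {
    src=$1
    dest=$2
    # Source must be a regular file, not a symlink.
    [ -f "$src" ] && [ ! -L "$src" ] || { echo "bad source: $src" >&2; return 1; }
    # Never write through a symlink, dangling or not.
    if [ -L "$dest" ]; then
        echo "refusing: $dest is a symlink" >&2
        return 1
    fi
    # An existing target must be a regular file owned by the current user.
    if [ -e "$dest" ]; then
        [ -f "$dest" ] && [ -O "$dest" ] || {
            echo "refusing: $dest is not a regular file owned by us" >&2
            return 1
        }
    fi
    mv -f -- "$src" "$dest"
}

# Typical use in a script:
#   make_workdir || exit 1
#   trap cleanup_workdir EXIT INT TERM
#   ... write to "$STYLE" "$COORDS" "$OUTWAY" "$MAP" ...
#   install_output "$OUTWAY" "$HOME/geocaching.loc"
```

The target checks in `install_output` are only reliable when the destination directory is not writable by other users (a directory under `$HOME`, for instance); in a shared directory such as `/tmp` the target can change between the check and the `mv`.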