Hello,
I am forwarding you an open bug report from the Debian BTS about rc.
I do not know to whom I should speak. The code comes from 9base, which
is just plan9port, etc. Here is the report [1]:
Package: 9base
Version: 1:6-6
Severity: important
Tags: security
Murray McAllister from Red Hat Security Response Team discovered that rc
creates temporary files in an insecure way:
$ strace -o '| grep /tmp' ./test-heredoc
open("/tmp/here217f.0000", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = 5
open("/tmp/here217f.0000", O_RDONLY|O_LARGEFILE) = 5
moo
unlink("/tmp/here217f.0000") = 0
As you can see, the filenames are easily predictable, and the O_EXCL
flag is missing.
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737206
Regards,
--
Stéphane Aulery
#!/usr/lib/plan9/bin/rc
# test-heredoc: the here document makes rc spool its body through a file in /tmp
cat << EOF
moo
EOF
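An added example, not part of the report or of 9base's code, contrasting the open() pattern visible in the strace above with the O_EXCL/mkstemp() form; the scratch directory, the planted file name and the demo() function are assumptions constructed for this illustration.

```c
#define _XOPEN_SOURCE 700  /* exposes mkstemp()/mkdtemp() under strict ISO C */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* The pattern seen in the report's strace: predictable name, O_CREAT|O_TRUNC,
 * no O_EXCL. Whatever already sits at that path is opened and truncated. */
int open_heredoc_insecure(const char *path)
{
	return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}

/* Hardened form: mkstemp() replaces the trailing XXXXXX with an unpredictable
 * suffix and opens with O_CREAT|O_EXCL, mode 0600; tmpl receives the name. */
int open_heredoc_secure(char *tmpl)
{
	return mkstemp(tmpl);
}

/* Constructed scenario: a file already occupies the predictable name. Returns 1
 * when the insecure open reused it, an O_EXCL open of the same name failed with
 * EEXIST, and mkstemp created a fresh 0600 file under a different name. */
int demo(void)
{
	char dir[] = "/tmp/rcdemoXXXXXX", planted[64], tmpl[64];
	struct stat st;
	if (mkdtemp(dir) == NULL) return 0;                 /* scratch dir, /tmp untouched */
	snprintf(planted, sizeof planted, "%s/here217f.0000", dir); /* name from the report */
	snprintf(tmpl, sizeof tmpl, "%s/hereXXXXXX", dir);

	int pre = open(planted, O_WRONLY | O_CREAT, 0644);  /* plant the collision */
	if (pre < 0 || write(pre, "planted", 7) != 7) return 0;
	close(pre);
	int fd = open_heredoc_insecure(planted);            /* succeeds, silently truncates */
	int reused = fd >= 0 && fstat(fd, &st) == 0 && st.st_size == 0;
	if (fd >= 0) close(fd);
	int excl = open(planted, O_WRONLY | O_CREAT | O_EXCL, 0600); /* refuses: EEXIST */
	int refused = excl < 0 && errno == EEXIST;
	int sfd = open_heredoc_secure(tmpl);                /* fresh name, 0600 */
	int fresh = sfd >= 0 && strcmp(tmpl, planted) != 0
	         && fstat(sfd, &st) == 0 && (st.st_mode & 0777) == 0600;
	if (sfd >= 0) { close(sfd); unlink(tmpl); }
	unlink(planted);
	rmdir(dir);
	return reused && refused && fresh;
}
```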