Source: pacemaker
Version: 1.0.11-1.2
Severity: important
Tags: security

The configure script creates temporary files in an insecure way:
| extract_header_define() {
|         AC_MSG_CHECKING(for $2 in $1)
|         Cfile=/tmp/extract_define.$2.${$}
|         printf "#include <stdio.h>\n" > ${Cfile}.c
|         printf "#include <%s>\n" $1 >> ${Cfile}.c
|         printf "int main(int argc, char **argv) { printf(\"%%s\", %s); return 0; }\n" $2 >> ${Cfile}.c
|         $CC $CFLAGS ${Cfile}.c -o ${Cfile}
|         value=`${Cfile}`
|         AC_MSG_RESULT($value)
|         printf $value
|         rm -f ${Cfile}.c ${Cfile}
|       }

--
Jakub Wilk
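
A hardened form of the function quoted in the report, as an added example (not code from the report or from pacemaker): it builds the probe inside a private directory from `mktemp -d` instead of at a PID-derived name in `/tmp`. The helper name `make_private_workdir`, the file name `probe`, and the `${CC:-cc}` fallback are assumptions, and the autoconf `AC_MSG_*` calls are left out so the function runs as plain shell.

```shell
#!/bin/sh
# Added example, not pacemaker's code: the quoted function reworked so that no
# file is ever created at a guessable path in a world-writable directory.

# Hypothetical helper: create a fresh directory with an unpredictable name.
# mktemp -d fails rather than reusing an existing path, and creates the
# directory with mode 0700, so other local users cannot plant files in it.
make_private_workdir() {
    mktemp -d "${TMPDIR:-/tmp}/extract_define.XXXXXXXXXX"
}

# Usage: extract_header_define <header> <macro>
# Prints the string value of <macro> as defined in <header>.
extract_header_define() {
    header=$1
    macro=$2
    workdir=$(make_private_workdir) || return 1

    # Fixed names are safe here because the directory itself is private.
    {
        printf '#include <stdio.h>\n'
        printf '#include <%s>\n' "$header"
        printf 'int main(void) { printf("%%s", %s); return 0; }\n' "$macro"
    } > "$workdir/probe.c"

    # ${CC:-cc} is an assumption; configure normally sets CC itself.
    if ${CC:-cc} $CFLAGS "$workdir/probe.c" -o "$workdir/probe" 2>/dev/null; then
        value=$("$workdir/probe")
        status=$?
    else
        value=
        status=1
    fi

    rm -rf "$workdir"
    # '%s' keeps a value containing % from being treated as a format string.
    printf '%s' "$value"
    return "$status"
}
```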


