On Wed, Dec 17, 2008 at 10:29:10AM +0100, Tomas Hoger wrote: > Hi Hamish! > > It seems that upstream fix for this issue is far from being ideal. > > > TMP=`tempfile -d /tmp -p geo. -s .code` > > [...] > > > so calling this "fixed-upstream" and hoping that tempfile is somewhat > > portable beyond Debian. > > Any particular reason for using Debian-specific tempfile, instead of > generally available mktemp? > > Apart from the portability issues of the fix, the fix is not address > the flaw properly as well. Even though TMP file (never used, IIRC) is > created in a secure way, all other temporary files are not (STYLE, > COORDS, OUTWAY, MAP for geo-code). So when TMP is created, local user > can see its name and can create malicious symlinks > TMP.style, .coords, .way, .gif before script will attempt to use them > for the first time (or guess or brute-force TMP name in advance). You > either have to create all temporary files using mktemp, or make TMP a > temporary directory (or dot-directory in user's home dir and you do not > have to care about creating it securely at all). > > There are still few other issues in geo-nearest, like: > > cp "$GEOWAY" /tmp/geocaching.loc
A proper fix should use mkdtemp(3) and create there all relevant files. Finally all files could be moved in place by prechecking type, attributes and existence of the target files. -- Francesco P. Lovergine _______________________________________________ Pkg-grass-devel mailing list Pkg-grass-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-grass-devel