Bug#527057: console-setup: insecure tempfile handling

To: submit@bugs.debian.org
Subject: Bug#527057: console-setup: insecure tempfile handling
From: Colin Watson <cjwatson@ubuntu.com>
Date: Tue, 5 May 2009 12:08:14 +0100
Message-id: <[🔎] 20090505110814.GP7367@riva.ucam.org>
Reply-to: Colin Watson <cjwatson@ubuntu.com>, 527057@bugs.debian.org

Package: console-setup
Version: 1.33
Severity: grave
User: ubuntu-devel@lists.ubuntu.com
Usertags: origin-ubuntu karmic

While merging console-setup 1.33 into Ubuntu, I happened to notice that
debian/config.proto contains a few instances of code like this:

            echo unsupported_layout=$unsupported_layout >>/tmp/cslog # asdf

We can't leave this sort of thing in packages uploaded to the archive,
IMO; that means that any local user on a system they know is likely to
be upgraded soon can create a symlink called /tmp/cslog and have root
overwrite any file they like. (Admittedly they can only get root to
write out rather specific text to that file, but it would still be
enough to break the system if they just wanted to be randomly
destructive.)

Anton, I'm filing this bug rather than just correcting it because I'm
not sure what you want to achieve here. Was it just code you committed
by accident, or do you explicitly want to have extra logging in the
package? If the latter, I'd suggest perhaps calls to logger(1) guarded
by an environment variable.

Thanks,

-- 
Colin Watson                                       [cjwatson@ubuntu.com]

Reply to:

Follow-Ups:
- Bug#527057: console-setup: insecure tempfile handling
  - From: Anton Zinoviev <anton@lml.bas.bg>
- Bug#527057: marked as done (console-setup: insecure tempfile handling)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Re: Switching to by-label mounting of partitions
Next by Date: Bug#527057: console-setup: insecure tempfile handling
Previous by thread: Processed: severity of 526978 is normal
Next by thread: Bug#527057: console-setup: insecure tempfile handling
Index(es):
- Date
- Thread