
Bug#224592: marked as done (kopete: installed file winpopup-send.sh has an insecure file creation)



Your message dated Mon, 8 Mar 2004 23:28:51 +0200
with message-id <20040308212850.GA5906@kos.to>
and subject line kde 3.2 Kopete ships without winpopup
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 20 Dec 2003 12:32:04 +0000
Date: Sat, 20 Dec 2003 12:30:32 +0100
From: Jesus Climent <jesus.climent@hispalinux.es>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: kopete: installed file winpopup-send.sh has an insecure file creation
Message-ID: <20031220113032.GA26433@reypastor.hispalinux.es>

Package: kopete
Version: N/A; reported 2003-12-20
Severity: grave
Justification: user security hole
Tags: security

the file winpopup-send.sh does not check the existence of the file
/tmp/.winpopup-new

if another user has created a link to whichever file in the system it will be
overwritten if the user is root.

Please, consider modifying the file with some checks, and adding some user
identification:

    if [ ! -d /tmp/kopete.$$ ] ; then
        mkdir -p /tmp/kopete.$$/
    elif [ ! -d /tmp/kopete.$USERNAME.$$ ] ; then
        mkdir -p ...

In any case, use some source of randomness for the creation of the file.

Thanks

-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux reypastor 2.4.23 #1 lun dic 1 23:39:36 CET 2003 i686
Locale: LANG=es_ES@euro, LC_CTYPE=es_ES@euro

-- 
Jesus Climent                                      info:www.pumuki.org
Unix SysAdm|Linux User #66350|Debian Developer|2.4.23|Helsinki Finland
GPG: 1024D/86946D69 BB64 2339 1CAA 7064 E429  7E18 66FC 1D7F 8694 6D69

Like my old grand daddy used to say, "The less a man makes declarative 
statements, the less apt he is to look foolish in retrospect."
		--Chester (Four Rooms)
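
Added example, not part of the original report and not Kopete's code: the fixed-name write the report describes, next to a form that takes its randomness from mktemp. The function names, the kopete.XXXXXXXXXX template and the sandbox directory standing in for /tmp are assumptions made for the demonstration.

```shell
#!/bin/sh
# Constructed demo: every path lives under a throwaway sandbox, not the real /tmp.

# Pattern from the report: a fixed, predictable name in a shared directory.
# The shell's ">" follows whatever symlink already sits at that name.
write_predictable() {
    shared_dir=$1; msg=$2
    printf '%s\n' "$msg" > "$shared_dir/.winpopup-new"
}

# Hardened form: mktemp -d atomically creates a new directory with an
# unpredictable name and mode 0700, and fails rather than reuse an entry.
write_private() {
    shared_dir=$1; msg=$2
    workdir=$(mktemp -d "$shared_dir/kopete.XXXXXXXXXX") || return 1
    printf '%s\n' "$msg" > "$workdir/winpopup-new"
    printf '%s\n' "$workdir"    # caller reads the message here, then removes the dir
}

# Run both writers in a sandbox where the predictable name is already a symlink.
demo() {
    sandbox=$(mktemp -d) || return 1
    printf 'important\n' > "$sandbox/victim"
    ln -s "$sandbox/victim" "$sandbox/.winpopup-new"

    write_predictable "$sandbox" "popup text"
    after_predictable=$(cat "$sandbox/victim")    # link target was overwritten

    printf 'important\n' > "$sandbox/victim"      # reset for the second run
    workdir=$(write_private "$sandbox" "popup text") || return 1
    after_private=$(cat "$sandbox/victim")        # link target left alone
    mode=$(ls -ld "$workdir" | cut -c1-10)

    rm -rf "$sandbox"
    printf 'predictable=%s private=%s mode=%s\n' \
        "$after_predictable" "$after_private" "$mode"
}

demo
```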

---------------------------------------
Received: (at 224592-done) by bugs.debian.org; 8 Mar 2004 21:28:58 +0000
Date: Mon, 8 Mar 2004 23:28:51 +0200
From: Riku Voipio <riku.voipio@iki.fi>
To: 224590-done@bugs.debian.org, 224592-done@bugs.debian.org
Subject: kde 3.2 Kopete ships without winpopup
Message-ID: <20040308212850.GA5906@kos.to>

Jesus, kopete 3.2 fixes the winpopup-send.sh and winpopup-install.sh
by.. not shipping them anymore! I doubt anyone will miss them.


-- 
Riku Voipio  	       |    riku.voipio@iki.fi         |
kirkkonummentie 33     |    +358 40 8476974          --+--
02140 Espoo            |                               |
dark> A bad analogy is like leaky screwdriver          |


