Bug#285762: tempname() in web-lib.pl does not create a temp file
Package: webmin
Version: 0.94-7woody3
Severity: important
Hello,
The function tempname() in web-lib.pl introduced the following statement
in the latest security update:
    local @st = lstat($tmp_dir);
    exit(0) if ($st[4] == $< && (-d _) && ($st[2] & 0777) == 0755);
I read it as "exit if the directory exists, belongs to me and has
permissions 0755".
Later it creates a directory with these exact properties:
    mkdir($tmp_dir, 0755) || next;
    chown($<, $(, $tmp_dir);
    chmod(0755, $tmp_dir);
So when I do in my script:
    $need_unlink=1;
    $tempfile=&tempname();
It will only succeed once because the temporary directory
("/tmp/.webmin") is never deleted and thus tempname()
does exit(0).
I suggest replacing the "chmod(0755, $tmp_dir);"
statement with "chmod(0700, $tmp_dir);".
Best regards,
Peter
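
An added example, not Webmin's code and not part of the original report: one way to write the directory check so that an existing directory which passes validation is reused on every call, and only an unsafe one is refused. The function name ensure_private_dir and the sandbox path are hypothetical; mode 0700 follows the reporter's suggestion.

```perl
#!/usr/bin/perl
# Added example (not Webmin code): validate or create a private temp directory.
use strict;
use warnings;
use Fcntl ':mode';
use File::Temp qw(tempdir);

# Hypothetical helper. Returns 1 if $dir is safe to use, 0 if it must be refused.
sub ensure_private_dir {
    my ($dir, $mode) = @_;
    for my $attempt (1 .. 2) {
        my @st = lstat($dir);
        if (@st) {
            # lstat does not follow symlinks, so a planted link fails S_ISDIR.
            return 0 unless S_ISDIR($st[2]);
            return 0 unless $st[4] == $<;               # must be owned by us
            return 0 unless ($st[2] & 07777) == $mode;  # exact permission bits
            return 1;    # exists and is safe: reuse it instead of exiting
        }
        # Directory is missing: create it, then loop once more to validate it.
        # If mkdir loses a race, the next lstat inspects whatever appeared.
        chmod($mode, $dir) if mkdir($dir, $mode);       # chmod overrides umask
    }
    return 0;
}

# Constructed sandbox so the demo never touches the real /tmp/.webmin.
sub demo {
    my $base = tempdir(CLEANUP => 1);
    my $dir  = "$base/.webmin";
    my @results;
    push @results, ensure_private_dir($dir, 0700);   # first call creates it
    push @results, ensure_private_dir($dir, 0700);   # second call reuses it
    chmod(0777, $dir);
    push @results, ensure_private_dir($dir, 0700);   # loosened mode is refused
    rmdir($dir);
    symlink($base, $dir);
    push @results, ensure_private_dir($dir, 0700);   # symlink is refused
    return @results;
}

print join(",", demo()), "\n";
```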