
Bug#285762: tempname() in web-lib.pl does not create a temp file



Package: webmin
Version: 0.94-7woody3
Severity: important

Hello,

The function tempname() in web-lib.pl introduced the following statement
in the latest security update:

        local @st = lstat($tmp_dir);
        exit(0) if ($st[4] == $< && (-d _) && ($st[2] & 0777) == 0755);

I read it as "exit if the directory exists, belongs to me and has
permissions 0755".
Later it creates a directory with these exact properties:

        mkdir($tmp_dir, 0755) || next;
        chown($<, $(, $tmp_dir);
        chmod(0755, $tmp_dir);

So when I do in my script:

    $need_unlink=1;
    $tempfile=&tempname();

It will only succeed once because the temporary directory
("/tmp/.webmin") is never deleted and thus tempname()
does exit(0).

I suggest replacing the "chmod(0755, $tmp_dir);"
statement with "chmod(0700, $tmp_dir);"

best regards,

	Peter
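
The behaviour described in the report above can be reproduced with the following added example, which is not part of the original report and is not Webmin code. It assumes a scratch directory in place of /tmp/.webmin; the helper names check_would_exit and make_tmp_dir are hypothetical, and the check returns a flag where the quoted statement calls exit(0).

```perl
#!/usr/bin/perl
# Added illustration, not Webmin code. Runs the quoted check against a
# constructed scratch directory rather than the real /tmp/.webmin.
use strict;
use warnings;
use File::Temp qw(tempdir);

# The quoted condition: true when the path is a real directory (lstat does
# not follow symlinks), owned by the real UID, with mode exactly 0755.
sub check_would_exit {
    my ($dir) = @_;
    my @st = lstat($dir);
    return 0 unless @st;    # nothing at that path yet
    return ($st[4] == $< && -d _ && ($st[2] & 0777) == 0755) ? 1 : 0;
}

# The quoted creation steps with the final mode as a parameter. The chown
# from the report is omitted: mkdir already leaves the directory owned by us.
sub make_tmp_dir {
    my ($dir, $mode) = @_;
    mkdir($dir, 0755) or die "mkdir $dir: $!";
    chmod($mode, $dir) or die "chmod $dir: $!";
}

my $scratch = tempdir(CLEANUP => 1);    # constructed sandbox, removed at exit
my $tmp_dir = "$scratch/.webmin";

# First call to tempname(): the directory does not exist, so no exit.
printf "first call, no directory:  would exit = %d\n",
    check_would_exit($tmp_dir);

# tempname() then creates the directory with exactly the checked properties.
make_tmp_dir($tmp_dir, 0755);
printf "second call, mode 0755:    would exit = %d\n",
    check_would_exit($tmp_dir);

# A symlink at the checked path fails the -d test, because lstat reports
# the link itself and not the directory it points to.
my $link = "$scratch/link";
symlink($tmp_dir, $link) or die "symlink: $!";
printf "symlink to that directory: would exit = %d\n",
    check_would_exit($link);

# The reporter's suggestion: mode 0700 no longer matches the 0755 test.
chmod(0700, $tmp_dir) or die "chmod: $!";
printf "second call, mode 0700:    would exit = %d\n",
    check_would_exit($tmp_dir);
```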


