[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#285762: tempname() in web-lib.pl does not create a temp file

Package: webmin
Version: 0.94-7woody3
Severity: important


The function tempname() in web-lib.pl introduced the following statement
in the latest security update:

        local @st = lstat($tmp_dir);
        exit(0) if ($st[4] == $< && (-d _) && ($st[2] & 0777) == 0755);

I read it as "exit if the directory exists, belongs to me and has
permissions 0755"
later it creates a directory with these exact properties:

        mkdir($tmp_dir, 0755) || next;
        chown($<, $(, $tmp_dir);
        chmod(0755, $tmp_dir);

So when I do in my script:


It will only succeed once because the temporary directory
("/tmp/.webmin") is never deleted and thus tempname()
does exit(0).

I suggest to replace the "chmod(0755, $tmp_dir);"
statement with "chmod(0700, $tmp_dir);"

best regards,


Reply to: