[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#318285: CAN-2005-2240 symlink attack in xpvm.tcl

tag 318285 patch
thanks

Hi,

Here's the CAN-2005-2240 fix for woody and sarge (sid upload is already
in incoming).

Cheers,

Matej

diff -u xpvm-1.2.5/src/xpvm.tcl xpvm-1.2.5/src/xpvm.tcl
--- xpvm-1.2.5/src/xpvm.tcl
+++ xpvm-1.2.5/src/xpvm.tcl
@@ -831,7 +831,7 @@
 
 set tfck [ info exists trace_file ]
 
-if { $tfck == 0 } { set trace_file "/tmp/xpvm.trace.$user" }
+if { $tfck == 0 } { set trace_file [ file join [ glob ~ ] ".xpvm_trace" ] }
 
 $CTRL.file_entry insert 0 $trace_file
 
diff -u xpvm-1.2.5/debian/changelog xpvm-1.2.5/debian/changelog
--- xpvm-1.2.5/debian/changelog
+++ xpvm-1.2.5/debian/changelog
@@ -1,3 +1,14 @@
+xpvm (1.2.5-7.2woody1) oldstable-security; urgency=high
+
+  * QA upload.
+  * Use ~/.xpvm_trace instead of /tmp/xpvm.trace.$USER to prevent symlink
+    attacks.  (Trace files are meant to be semi-persistent, so this is more
+    in line with user expectations than creating unique temporary files.)
+    [src/xpvm.tcl, src/help/traces.help, debian/xpvm.1, CAN-2005-2240]
+    Closes: #318285.
+
+ -- Matej Vela <vela@debian.org>  Sun,  4 Sep 2005 14:44:07 +0200
+
 xpvm (1.2.5-7.2) unstable; urgency=low
 
   * NMU
diff -u xpvm-1.2.5/debian/xpvm.1 xpvm-1.2.5/debian/xpvm.1
--- xpvm-1.2.5/debian/xpvm.1
+++ xpvm-1.2.5/debian/xpvm.1
@@ -64,7 +64,7 @@
 .BI \-T\  trace
 .B xpvm
 will normally create and store a trace file in the 
-.I /tmp
+user's home
 directory. To have the 
 .I trace
 file stored in some other location, use this option.
only in patch2:
unchanged:
--- xpvm-1.2.5.orig/src/help/traces.help
+++ xpvm-1.2.5/src/help/traces.help
@@ -13,7 +13,7 @@
 { to have a valid, writable trace file to work with, and so XPVM }
 { assumes a default trace file name: }
 {}
-{ 	/tmp/xpvm.trace.$(USER) }
+{ 	~/.xpvm_trace }
 {}
 { On the first execution of XPVM, this trace file will not yet exist, }
 { and so XPVM will proceed to write traces into this file and read }

diff -u xpvm-1.2.5/src/xpvm.tcl xpvm-1.2.5/src/xpvm.tcl
--- xpvm-1.2.5/src/xpvm.tcl
+++ xpvm-1.2.5/src/xpvm.tcl
@@ -831,7 +831,7 @@
 
 set tfck [ info exists trace_file ]
 
-if { $tfck == 0 } { set trace_file "/tmp/xpvm.trace.$user" }
+if { $tfck == 0 } { set trace_file [ file join [ glob ~ ] ".xpvm_trace" ] }
 
 $CTRL.file_entry insert 0 $trace_file
 
diff -u xpvm-1.2.5/debian/changelog xpvm-1.2.5/debian/changelog
--- xpvm-1.2.5/debian/changelog
+++ xpvm-1.2.5/debian/changelog
@@ -1,3 +1,14 @@
+xpvm (1.2.5-7.3sarge1) stable-security; urgency=high
+
+  * QA upload.
+  * Use ~/.xpvm_trace instead of /tmp/xpvm.trace.$USER to prevent symlink
+    attacks.  (Trace files are meant to be semi-persistent, so this is more
+    in line with user expectations than creating unique temporary files.)
+    [src/xpvm.tcl, src/help/traces.help, debian/xpvm.1, CAN-2005-2240]
+    Closes: #318285.
+
+ -- Matej Vela <vela@debian.org>  Sun,  4 Sep 2005 14:44:07 +0200
+
 xpvm (1.2.5-7.3) unstable; urgency=low
 
   * Uploading with maintainer set to QA Group
diff -u xpvm-1.2.5/debian/xpvm.1 xpvm-1.2.5/debian/xpvm.1
--- xpvm-1.2.5/debian/xpvm.1
+++ xpvm-1.2.5/debian/xpvm.1
@@ -64,7 +64,7 @@
 .BI \-T\  trace
 .B xpvm
 will normally create and store a trace file in the 
-.I /tmp
+user's home
 directory. To have the 
 .I trace
 file stored in some other location, use this option.
only in patch2:
unchanged:
--- xpvm-1.2.5.orig/src/help/traces.help
+++ xpvm-1.2.5/src/help/traces.help
@@ -13,7 +13,7 @@
 { to have a valid, writable trace file to work with, and so XPVM }
 { assumes a default trace file name: }
 {}
-{ 	/tmp/xpvm.trace.$(USER) }
+{ 	~/.xpvm_trace }
 {}
 { On the first execution of XPVM, this trace file will not yet exist, }
 { and so XPVM will proceed to write traces into this file and read }
Reply to: