Hello, I'm not a C programmer but I guess solving this issue might go along the following path: Description: Create a secure directory for the FIFO TODO: Put a short summary on the line above and replace this paragraph with a longer explanation of this change. Complete the meta-information with other relevant fields (see below for details). To make it easier, the information below has been extracted from the changelog. Adjust it or drop it. . tvtime (1.0.11-4) unstable; urgency=medium . * QA upload. * Add the missing build dependency on pkg-config. Author: Helge Kreutzmann <debian@helgefjell.de> --- The information above should follow the Patch Tagging Guidelines, please checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here are templates for supplementary fields that you might want to add: Origin: other Bug-Debian: https://bugs.debian.org/924076 Forwarded: <no|not-needed|url proving that it has been forwarded> Reviewed-By: <name and email of someone who approved the patch> Last-Update: 2019-03-23 --- tvtime-1.0.11.orig/src/utils.c +++ tvtime-1.0.11/src/utils.c 
@@ -167,14 +167,19 @@ char *get_tvtime_fifo_filename( uid_t ui char *fifodir; char *fifo; + char *fifosdir; + + /* Create a secure private temporary directory */ + fifosdir = mkdtemp(FIFODIR "tvtimeXXXXXX"); + /* Create string for the directory in FIFODIR */ pwuid = getpwuid( uid ); if( pwuid ) { - if( asprintf( &fifodir, FIFODIR "/.TV-%s", pwuid->pw_name ) < 0 ) { + if( asprintf( &fifodir, "%s/.TV-%s", fifosdir, pwuid->pw_name ) < 0 ) { return 0; } } else { - if( asprintf( &fifodir, FIFODIR "/.TV-%u", uid ) < 0 ) { + if( asprintf( &fifodir, "%s/.TV-%u", fifosdir, uid ) < 0 ) { return 0; } } This code segfaults, does not contain error checks but hopefully someone with real C knowledge can make it work (and prevent tvtime from being removed). Greetings Helge -- Dr. Helge Kreutzmann debian@helgefjell.de Dipl.-Phys. http://www.helgefjell.de/debian.php 64bit GNU powered gpg signed mail preferred Help keep free software "libre": http://www.ffii.de/
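Review bot: the added `fifosdir = mkdtemp(FIFODIR "tvtimeXXXXXX");` line passes a string literal as the template. mkdtemp() overwrites the trailing XXXXXX in place, so this writes to read-only memory and is the likely cause of the segfault mentioned in the message. Build the template in writable storage instead (a local char array, or a buffer from asprintf). Include the "/" separator as well: the removed lines used `FIFODIR "/.TV-%s"`, so FIFODIR has no trailing slash and the new template would name a sibling of FIFODIR rather than a directory inside it. The result of mkdtemp() must be checked for NULL before fifosdir is passed to asprintf with `%s`, and a heap-allocated template has to be freed on the `return 0` paths. Also note that mkdtemp() picks a new random name on every call, so each call to get_tvtime_fifo_filename() would return a different path; if more than one caller has to agree on the FIFO location, the directory needs to be created once and its name kept.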