Bug#77652: cgic-capture is unreliable and uses /tmp in a silly way
Package: cgic-capture
Version: 1.06-4
This program does this, for example:
stat("/tmp", {st_mode=S_IFDIR|S_ISVTX|0777, st_size=20480, ...}) = 0
open("/tmp/capcgi.dat", O_WRONLY|O_CREAT|O_EXCL, 01001101531) = -1 EEXIST (File exists)
fcntl(-1, F_GETFL) = -1 EBADF (Bad file descriptor)
...
write(1, "Your form submission was capture"..., 45) = 45
This is silly for a number of reasons:
* It shouldn't use fixed filename in /tmp for this, because that
prevents more than one user from using this program. Better would be
to use a file in the current directory and not open it with O_EXCL.
Then you could use it more than once and it still wouldn't be a
security risk unless you (foolishly) run your CGI scripts with an
inappropriately-writeable current directory.
* It fails to notice when it can't open the file and reports success
anyway.
* The documentation tells you to compile a filename into capture.c -
but of course with Debian the program comes precompiled, and the
documentation doesn't say where the file will appear.
* There are many better ways of debugging CGI scripts :-).
I suggest that:
* The filename is changed to be a `capcgi.dat' in the current
directory, and O_TRUNC is used instead of O_EXCL.
* The documentation be changed to (a) say where the file is put and
(b) warn the administrator not to use an inappropriately-writeable
directory for the current directory of their CGI scripts.
* The package priority is changed to `extra'.
Ian.
Reply to: