Bug#636224: pu: package atop/1.23-1

To: 636224@bugs.debian.org
Subject: Bug#636224: pu: package atop/1.23-1
From: Jonathan Wiltshire <jmw@debian.org>
Date: Mon, 1 Aug 2011 16:00:11 +0100
Message-id: <[🔎] 20110801150011.GA28054@lupin.home.powdarrmonkey.net>
Reply-to: Jonathan Wiltshire <jmw@debian.org>, 636224@bugs.debian.org
In-reply-to: <[🔎] 20110801145201.27760.17136.reportbug@lupin>
References: <[🔎] 20110801145201.27760.17136.reportbug@lupin>

On Mon, Aug 01, 2011 at 03:52:01PM +0100, Jonathan Wiltshire wrote:
> Please consider in advance the attached patch. Happily, atop has the same
> version in all suites, so it can simply be applied to all of them. The
> unstable NMU is currently lurking in a delayed queue.

sorry, here it is :)


-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

diff --git a/acctproc.c b/acctproc.c
index 067ace8..3b71c42 100644
--- a/acctproc.c
+++ b/acctproc.c
@@ -126,7 +126,7 @@ static const char rcsid[] = "$Id: acctproc.c,v 1.26 2008/03/06 08:37:25 gerlof E
 #include "photoproc.h"
 #include "acctproc.h"
 
-#define	ACCTDIR		"/tmp/atop.d"
+#define	ACCTDIR		"/var/run/atop"
 #define	ACCTFILE	"atop.acct"
 #define	ACCTENV		"ATOPACCT"
 
@@ -331,7 +331,7 @@ acctswon(void)
 	if (semctl(semid, 1, GETVAL, 0) == SEMTOTAL)
 	{
 		/*
-		** create a new separate directory below /tmp
+		** create a new separate directory below /var/run
 		** for the accounting file;
 		** if this directory exists (e.g. previous atop-run killed)
 		** it will be cleaned and newly created
diff --git a/debian/changelog b/debian/changelog
index e33c0c1..b890434 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+atop (1.23-1.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Fix CVE-2011-XXXX: Insecure use of a temporary files rawlog.c and
+    acctproc.c (Closes: #622794)
+
+ -- Jonathan Wiltshire <jmw@debian.org>  Mon, 01 Aug 2011 15:35:16 +0100
+
 atop (1.23-1) unstable; urgency=low
 
   * fixed typo (Closes: #467447)
diff --git a/rawlog.c b/rawlog.c
index 31f93a2..086d93c 100644
--- a/rawlog.c
+++ b/rawlog.c
@@ -477,18 +477,18 @@ rawread(unsigned int begintime, unsigned int endtime)
 		*/
 		fprintf(stderr, "Decompressing logfile ....\n");
 
-		snprintf(tmpname2, sizeof tmpname2, "/tmp/atopwrk%d", getpid());
-		snprintf(command,  sizeof command, "gunzip -c %s > %s",
-							tmpname1, tmpname2);
-		system (command);
+		snprintf(tmpname2, sizeof tmpname2, "/tmp/atopwrkXXXXXX");
 
-		if ( (rawfd = open(tmpname2, O_RDONLY)) == -1)
+		if ( (rawfd = mkstemp(tmpname2)) == -1)
 		{
 			fprintf(stderr, "%s - ", rawname);
 			perror("open decompressed raw file");
 			cleanstop(7);
 		}
 
+		snprintf(command,  sizeof command, "gunzip -c %s > %s",
+							tmpname1, tmpname2);
+		system (command);
 		unlink(tmpname2);
 	}

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Bug#636224: pu: package atop/1.23-1
  - From: Jonathan Wiltshire <jmw@debian.org>

Prev by Date: Bug#636224: pu: package atop/1.23-1
Next by Date: Bug#622363: transition: libnotify 0.7
Previous by thread: Bug#636224: pu: package atop/1.23-1
Next by thread: Bug#636224: pu: package atop/1.23-1
Index(es):
- Date
- Thread