Re: [SECURITY] New version of ghostscript released

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] New version of ghostscript released
From: Peter Cordes <peter@llama.nslug.ns.ca>
Date: Thu, 23 Nov 2000 18:51:17 -0400
Message-id: <[🔎] 20001123185117.A9696@llama.nslug.ns.ca>
In-reply-to: <200011230133.eAN1Xnc17387@fog.mors.wiggy.net>; from wichert@cistron.nl on Thu, Nov 23, 2000 at 02:33:49AM +0100
References: <200011230133.eAN1Xnc17387@fog.mors.wiggy.net>

(I replied to the security announcement, and I didn't notice that
security@debian.org wasn't the same thing as
debian-security@lists.debian.org, so I'm sending it here, where I meant to.)

> ghostscript uses temporary files to do some of its work. Unfortunately
> the method used to create those files wasn't secure: mktemp was used
> to create a name for a temporary file, but the file was not opened
> safely.
 There seems to be a lot of this going on.  Is it possible to modify glibc
so that it flags dangerous actions with stuff in /tmp?  I don't thing such a
modified glibc should be part of the glibc package, but it could be useful
for people who wanted to look for programs with problems.  After we think we
have most of them :), maybe some checks for using deprecated functions could
be put in so calling tempnam would result in a warning being syslogged or a
warning printed to stdout, or something, asking the user to tell the
maintainer that the program did <whatever>.  This would catch some problems in
programs that aren't widely used, and so probably won't get audited.

 I guess the things to look for would be calls to tempnam, and calls to open
with O_CREAT and not O_EXCL, on files in publically writeable directories.
(This isn't quite right, I'm sure, but something in that vein.)  This would
add some overhead, and so it wouldn't be appropriate to use in the standard C
library.

 For starters, grep -l tmpnam -r /usr/bin/* gives:
/usr/bin/X11/xmgrace
/usr/bin/X11/xdvi.bin
/usr/bin/X11/sessreg
/usr/bin/X11/xdvi.real
/usr/bin/X11/oxdvi.real
/usr/bin/X11/oxdvi.bin
/usr/bin/amaya
/usr/bin/captoinfo
/usr/bin/compose
/usr/bin/ddd
/usr/bin/dpkg
/usr/bin/dvilj
/usr/bin/dvilj2p
/usr/bin/dvilj4
/usr/bin/dvilj4l
/usr/bin/dvilj6
/usr/bin/edit
/usr/bin/emacs
/usr/bin/emacs-20.7
/usr/bin/emacs20
/usr/bin/gracebat
/usr/bin/infotocap
/usr/bin/lclint
/usr/bin/lint
/usr/bin/octave
/usr/bin/octave-2.0.16.91
/usr/bin/octave2.0
/usr/bin/pdfeinitex
/usr/bin/pdfelatex
/usr/bin/pdfetex
/usr/bin/pdfevirtex
/usr/bin/pdfimages
/usr/bin/pdfinfo
/usr/bin/pdfinitex
/usr/bin/pdflatex
/usr/bin/pdftex
/usr/bin/pdftopbm
/usr/bin/pdftops
/usr/bin/pdftotext
/usr/bin/pdfvirtex
/usr/bin/perldoc
/usr/bin/perldoc-5.005
/usr/bin/print
/usr/bin/run-mailcap
/usr/bin/sdiff
/usr/bin/see
/usr/bin/tic
/usr/bin/w
/usr/bin/w.procps
/usr/bin/xfreecd
/usr/bin/xpdf

 I notice that this list includes dpkg!  Somebody should have a look...

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BCE

Reply to:

Follow-Ups:
- Re: [SECURITY] New version of ghostscript released
  - From: Tollef Fog Heen <tollef@add.no>

Prev by Date: [mhpower@bos.bindview.com: LPRng: LPRng remote root exploit seen in the wild]
Next by Date: Re: nss-ldap security bug
Previous by thread: [mhpower@bos.bindview.com: LPRng: LPRng remote root exploit seen in the wild]
Next by thread: Re: [SECURITY] New version of ghostscript released
Index(es):
- Date
- Thread