Bug#174987: tetex-bin: xdvi wrapper has a temporary file race condition (security hole)
On Fri, Jan 03, 2003 at 10:57:05AM -0500, Matt Zimmerman wrote:
> On Fri, Jan 03, 2003 at 09:00:45AM +0000, Julian Gilbey wrote:
>
> > severity 174987 grave
> > thanks
> >
> > Atsuhito,
> >
> > Ken's right; this is a bad bug. :-( Mea culpa.
> > Please can you do an upload with the new as soon as is possible?
> > (It's not in testing yet, so no need to do more than upload.)
>
> Am I to understand that this bug is not present in woody, then? If so, how
> is the situation handled there?

The woody version uses a shell script with the tempfile command. The
code is essentially:

    tmp=`tempfile ...`
    zcat ... > $tmp

I don't know whether tempfile is careful to check for the safety of
the directory more thoroughly than perl's File::Temp or not; if this
is not safe, then we have some serious problems pretty much everywhere
where tempfile is likely to be used.

Julian
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Julian Gilbey, website: http://www.polya.uklinux.net/
Debian GNU/Linux Developer, see: http://people.debian.org/~jdg/
Visit http://www.thehungersite.com/ to help feed the hungry
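
The pattern discussed in the message above (create a temporary file, then decompress into it), as an added example that is not part of the original thread or of the tetex-bin package. It sidesteps the question of how safe the shared directory is by creating a private directory with `mktemp -d` and writing inside it with noclobber set. The function name `safe_zcat_to_tmp` and the `xdvi-demo` prefix are hypothetical.

```shell
#!/bin/sh
# Added example (not tetex-bin code): decompress a .gz file into a
# temporary file without relying on a file name in a shared /tmp.

# safe_zcat_to_tmp FILE.gz
# Prints the path of the decompressed copy on stdout.
# Returns non-zero (and leaves nothing behind) on failure.
# The caller removes the returned file's directory when done.
safe_zcat_to_tmp() {
    src=$1
    [ -f "$src" ] || { echo "no such file: $src" >&2; return 1; }

    # mktemp -d creates the directory atomically, owner-only, and fails
    # if the name already exists, so another local user cannot pre-create
    # it or plant a symlink inside it.
    dir=$(mktemp -d "${TMPDIR:-/tmp}/xdvi-demo.XXXXXX") || return 1
    out="$dir/$(basename "$src" .gz)"

    # Subshell keeps umask and noclobber from leaking into the caller.
    # umask 077: the output file is readable by the owner only.
    # set -C (noclobber): '>' fails instead of overwriting an existing file.
    if ( umask 077; set -C; gzip -dc < "$src" > "$out" ); then
        printf '%s\n' "$out"
    else
        # Decompression failed: remove the partial output and directory.
        rm -rf -- "$dir"
        return 1
    fi
}
```

A caller would typically pair this with `trap 'rm -rf -- "$(dirname "$path")"' EXIT` so the directory is removed even if the viewer is interrupted.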