Bug#286370: xdvizilla: Vulnerable to symlink attack in temporary directory
Package: tetex-bin
Version: 2.0.2-24
Priority: important
Tags: security
The xdvizilla script does not protect itself from temporary filename
attacks since it creates files in an insecure manner (using the
process PID to try to protect its creation) and does not check
whether files (or directories) exist prior to using them.
The attached patch fixes this behaviour.
Regards
Javier
PS: I initially reported this to the security team back in June,
but have not found time to follow up on this issue until today.
Security team, please check
Resent-Message-ID: <20040624124521.GA10101@dat.etsit.upm.es>
--- xdvizilla.orig 2004-12-19 22:57:08.000000000 +0100
+++ xdvizilla 2004-12-19 23:13:03.000000000 +0100
@@ -33,7 +33,7 @@
case "$FILETYPE" in
*"gzip compressed data"*)
- FILE=/tmp/xdvizilla$$
+ FILE=`mktemp -t xdvizilla.XXXXXX` || { echo "$0: Cannot create temporary file"; exit 1 }
gunzip -c "$1" > $FILE
[ -n "$NO_RM" ] || rm -f -- "$1"
NO_RM=
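Review bot: the error branch on the new FILE= line, `|| { echo "$0: Cannot create temporary file"; exit 1 }`, is a syntax error in POSIX sh: the closing `}` of a brace group must be preceded by `;` or a newline, so the patched script will not parse at all. Write it as `|| { echo "$0: Cannot create temporary file" >&2; exit 1; }` (sending the message to stderr while at it). The following `gunzip -c "$1" > $FILE` should also quote `"$FILE"`, since the path now comes from mktemp and honours a user-controlled TMPDIR.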
@@ -41,7 +41,7 @@
;;
*"compressed data"* | *"compress'd data"*)
- FILE=/tmp/xdvizilla$$
+ FILE=`mktemp -t xdvizilla.XXXXXX` || { echo "$0: Cannot create temporary file"; exit 1 }
uncompress -c "$1" > $FILE
[ -n "$NO_RM" ] || rm -f -- "$1"
NO_RM=
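Review bot: this branch has the same broken brace group, `exit 1 }` without a terminating `;`, so the `|| { ... }` fallback will not parse; use `|| { echo "$0: Cannot create temporary file" >&2; exit 1; }`. As the mktemp-plus-error-handling line is now repeated verbatim in the gzip and compress branches, a small helper (e.g. a `make_tmpfile` function that echoes the path or exits) would keep the two in step and leave a single place to fix. `uncompress -c "$1" > $FILE` needs `"$FILE"` quoted for the same reason as in the gzip branch.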
@@ -60,7 +60,7 @@
case "$FILETYPE" in
*" tar archive")
- TARDIR=/tmp/xdvitar$$
+ TARDIR=`mktemp -t -d xdvitar.XXXXXX` || { echo "$0: Cannot create temporary directory"; exit 1 }
mkdir $TARDIR
cat "$FILE" | (cd $TARDIR; tar xf -)
DVINAME=`tar tf "$FILE" | grep '\.dvi$' | head -1`
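Review bot: `mkdir $TARDIR` on the line after the new TARDIR= assignment is now wrong: `mktemp -d` has already created the directory, so mkdir fails with "File exists" on every run (harmless only because its exit status is unchecked) and the line should be dropped. The `|| { ...; exit 1 }` fallback here has the same missing `;` before `}` as the other two hunks and will not parse. In `cat "$FILE" | (cd $TARDIR; tar xf -)`, quote `"$TARDIR"` and chain with `&&` (`cd "$TARDIR" && tar xf -`), otherwise a failed cd silently extracts the archive into the current directory.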
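The temp-file problem described in the report, shown as a small added example rather than code from the bug report or from tetex-bin's xdvizilla. It places the PID-named pattern beside a mktemp-based replacement, with the corrected brace-group syntax and no redundant mkdir after `mktemp -d`. Everything runs under a private scratch directory so the real /tmp is never touched, and the "PID" is passed as a parameter so the pre-planted symlink can be shown deterministically instead of guessed; the function names, the scratch layout and the sample input are all constructed for this example.

```shell
#!/bin/sh
# Added example; not code from the bug report or from tetex-bin's xdvizilla.
# Reproduces the pattern the report describes (temp file named from the PID,
# written with a truncating redirect, no check that the name is free) beside
# the mktemp-based replacement the patch proposes. Everything lives under a
# private scratch directory so the real /tmp is never touched; the "PID" is a
# parameter so the symlink race can be demonstrated deterministically.

SCRATCH=$(mktemp -d "${TMPDIR:-/tmp}/xdvi-demo.XXXXXX") || exit 1
trap 'rm -rf "$SCRATCH"' EXIT
VICTIM="$SCRATCH/victim"          # the file an attacker wants clobbered

# Constructed input: a compressed stand-in for a .dvi file. gzip is used when
# present; otherwise a plain copy and cat keep the demo runnable offline.
printf 'constructed dvi payload\n' > "$SCRATCH/sample.dvi"
if command -v gzip >/dev/null 2>&1; then
    gzip -c "$SCRATCH/sample.dvi" > "$SCRATCH/sample.dvi.gz"
    UNPACK='gunzip -c'
else
    cp "$SCRATCH/sample.dvi" "$SCRATCH/sample.dvi.gz"
    UNPACK='cat'
fi

# Attacker step: pre-plant a symlink at the name the script is going to use.
plant_symlink() {                 # $1 = pid the victim process will have
    ln -s "$VICTIM" "$SCRATCH/xdvizilla$1"
}

# Insecure pattern, as in the unpatched script: predictable name and a
# redirect that silently follows whatever already sits at that name.
insecure_unpack() {               # $1 = input file, $2 = pid
    FILE="$SCRATCH/xdvizilla$2"
    $UNPACK "$1" > "$FILE"        # writes through the planted symlink
    printf '%s\n' "$FILE"
}

# Hardened pattern: mktemp creates the file itself (O_CREAT|O_EXCL, mode
# 0600) under an unpredictable name, so nothing can be planted there first.
# Note the ';' before '}', which POSIX sh requires to close a brace group.
secure_unpack() {                 # $1 = input file
    FILE=$(mktemp "$SCRATCH/xdvizilla.XXXXXX") \
        || { echo "$0: Cannot create temporary file" >&2; return 1; }
    $UNPACK "$1" > "$FILE"
    printf '%s\n' "$FILE"
}

# mktemp -d already creates the directory, so no mkdir may follow it.
secure_tardir() {
    TARDIR=$(mktemp -d "$SCRATCH/xdvitar.XXXXXX") \
        || { echo "$0: Cannot create temporary directory" >&2; return 1; }
    printf '%s\n' "$TARDIR"
}

# True when the victim file has been replaced by the unpacked payload.
victim_clobbered() {
    [ -f "$VICTIM" ] && grep -q 'constructed dvi payload' "$VICTIM"
}

demo() {
    printf 'original contents\n' > "$VICTIM"
    plant_symlink 4242
    insecure_unpack "$SCRATCH/sample.dvi.gz" 4242 >/dev/null
    victim_clobbered && echo "insecure: victim overwritten through the symlink"

    printf 'original contents\n' > "$VICTIM"
    OUT=$(secure_unpack "$SCRATCH/sample.dvi.gz") || return 1
    if [ -f "$OUT" ] && [ ! -L "$OUT" ] && ! victim_clobbered; then
        echo "secure: wrote fresh file $OUT, victim untouched"
    fi
    DIR=$(secure_tardir) || return 1
    echo "secure: extraction dir $DIR created by mktemp -d"
}

case "${1:-}" in demo) demo ;; esac
```

Run as `sh example.sh demo`. The extraction step itself would then be `cd "$DIR" && tar xf -` rather than `(cd $DIR; tar xf -)`, so that a failed cd cannot leave tar unpacking into the current directory.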