Bug#775139: mktexlsr: insecure use of /tmp

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#775139: mktexlsr: insecure use of /tmp
From: Jakub Wilk <jwilk@debian.org>
Date: Sun, 11 Jan 2015 22:52:57 +0100
Message-id: <[🔎] 20150111215257.GA3776@jwilk.net>
Reply-to: Jakub Wilk <jwilk@debian.org>, 775139@bugs.debian.org

Package: texlive-binaries
Version: 2014.20140926.35254-4
Tags: security

This is how mktexlsr uses temporary files (with boring parts snipped):

treefile="${TMPDIR-/tmp}/mktexlsrtrees$$.tmp"
# ...
while test $# -gt 0; do
   # ...
   (umask 077
   if echo "$1" >>"$treefile"; then :; else
     echo "$progname: $treefile: could not append to arg file, goodbye." >&2
     exit 1
   fi
   # ...
done

This is insecure because the filename is predictable and, moreimportantly, the program doesn't fail atomically if the file alreadyexists.


Please use mktemp(1) for creating temporary files.

--
Jakub Wilk

Reply to:

Follow-Ups:
- Bug#775139: mktexlsr: insecure use of /tmp
  - From: Norbert Preining <preining@logic.at>
- Bug#775139: marked as done (mktexlsr: insecure use of /tmp)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#774942: texlive-latex-extra: package description has too many blank lines and is too long
Next by Date: Bug#775139: mktexlsr: insecure use of /tmp
Previous by thread: Bug#752773: Bug report: the new listings.sty yields failures
Next by thread: Bug#775139: mktexlsr: insecure use of /tmp
Index(es):
- Date
- Thread