Bug#521107: #521107: unsafe /tmp usage in xfs (yes, I know that you orphan it)

To: Luciano Bello <luciano@debian.org>
Cc: 521107@bugs.debian.org
Subject: Bug#521107: #521107: unsafe /tmp usage in xfs (yes, I know that you orphan it)
From: Julien Cristau <jcristau@debian.org>
Date: Tue, 20 Oct 2009 23:00:37 +0200
Message-id: <[🔎] 20091020210037.GB1174@radis.liafa.jussieu.fr>
Reply-to: Julien Cristau <jcristau@debian.org>, 521107@bugs.debian.org
In-reply-to: <[🔎] 200910201641.17525.luciano@debian.org>
References: <200910201527.04336.luciano@debian.org> <20091020185356.GA1174@radis.liafa.jussieu.fr> <[🔎] 200910201641.17525.luciano@debian.org>

On Tue, Oct 20, 2009 at 16:41:16 -0300, Luciano Bello wrote:

> El Mar 20 Oct 2009, Julien Cristau escribió:
> > this is completely broken, you're missing $() around the mktemp
> > invocation, you're never using SOCKET_DIR_TMP, your mktemp call has
> > only 2 X's, and you're not removing the existing $SOCKET_DIR.  So, what
> > exactly are you trying to fix?
> 
> Sorry. 
> -    mv $SOCKET_DIR $SOCKET_DIR.$$
> +    $SOCKET_DIR_TMP=$(mktemp -d $SOCKET_DIR.XXXXX)
> +    mv $SOCKET_DIR/* $SOCKET_DIR_TMP/
> 
> and I badcopied the bug number (is #521107)
> 
> The point is fix the Insecure Temporary File Creation Vulnerability.
> 
It's still not clear to me what you think the above would fix.

Cheers,
Julien

Reply to:

References:
- Bug#521107: #521107: unsafe /tmp usage in xfs (yes, I know that you orphan it)
  - From: Luciano Bello <luciano@debian.org>

Prev by Date: Processed: Re: Bug#551663: Fixed in 2.6.32rc5
Next by Date: Bug#551744: xserver-xorg-input-synaptics: Tapping is not recognize
Previous by thread: Bug#521107: #521107: unsafe /tmp usage in xfs (yes, I know that you orphan it)
Next by thread: Bug#551803: [xserver-xorg] frequent X lockups, system still accessible via ssh
Index(es):
- Date
- Thread