Diffstat (limited to 'debian/patches/0002-Fix-unsafe-use-of-symbolic-links-in-tmp.patch')
-rw-r--r--debian/patches/0002-Fix-unsafe-use-of-symbolic-links-in-tmp.patch116
1 files changed, 116 insertions, 0 deletions
diff --git a/debian/patches/0002-Fix-unsafe-use-of-symbolic-links-in-tmp.patch b/debian/patches/0002-Fix-unsafe-use-of-symbolic-links-in-tmp.patch
new file mode 100644
index 0000000..5496a87
--- /dev/null
+++ b/debian/patches/0002-Fix-unsafe-use-of-symbolic-links-in-tmp.patch
@@ -0,0 +1,116 @@
+From 827f2bdd369907ce7510268c6c01a350dd7cb57d Mon Sep 17 00:00:00 2001
+From: Manoj Srivastava <srivasta@debian.org>
+Date: Fri, 29 Aug 2008 17:53:34 -0500
+Subject: [PATCH 2/4] Fix unsafe use of symbolic links in /tmp
+
+If a script uses a temp file which is created in /tmp, then an
+attacker can create symlink with the same name in this directory in
+order to destroy or rewrite some system or user files. Symlink attack
+may also lead not only to the data desctruction but to denial of
+service as well. Creating files with rand or pid to randomize the file
+names is not adequate to protect the system.
+
+We now use File::Temp to safely create the temporary files as needed.
+
+Signed-off-by: Manoj Srivastava <srivasta@debian.org>
+---
+ pat/patcil.SH | 14 ++++++++------
+ pat/patdiff.SH | 22 ++++++++++++++--------
+ 2 files changed, 22 insertions(+), 14 deletions(-)
+
+diff --git a/pat/patcil.SH b/pat/patcil.SH
+index c6912b3..d8d0511 100755
+--- a/pat/patcil.SH
++++ b/pat/patcil.SH
+@@ -61,6 +61,8 @@ $startperl
+ !GROK!THIS!
+ cat >>patcil <<'!NO!SUBS!'
+
++use File::Temp qw/ tempfile tempdir /;
++
+ $progname = &profile; # Read ~/.dist_profile
+ require 'getopts.pl';
+ &usage unless $#ARGV >= 0;
+@@ -504,12 +506,12 @@ x Toggle patch# prefix.
+
+ sub edit {
+ local($text) = join("\n", @_);
+- open(TMP,">/tmp/cil$$") || die "Can't create /tmp/cil$$";
+- print TMP $text;
+- close TMP;
+- system $EDITOR, "/tmp/cil$$";
+- $text = `cat /tmp/cil$$`;
+- unlink "/tmp/cil$$";
++ my $tmp = File::Temp->new();
++ print $tmp $text;
++ close $tmp;
++ system $EDITOR, "$tmp";
++ $text = `cat "$tmp"`;
++ unlink "$tmp";
+ $text;
+ }
+
+diff --git a/pat/patdiff.SH b/pat/patdiff.SH
+index 991d4bf..3ca1973 100755
+--- a/pat/patdiff.SH
++++ b/pat/patdiff.SH
+@@ -49,6 +49,8 @@ $startperl
+ !GROK!THIS!
+ cat >>patdiff <<'!NO!SUBS!'
+
++use File::Temp qw/ tempfile tempdir /;
++
+ $RCSEXT = ',v' unless $RCSEXT;
+ $TOPDIR = ''; # We are at top-level directory
+
+@@ -159,9 +161,11 @@ foreach $file (@ARGV) {
+ close DIFF;
+ system 'rcs', "-Nlastpat:$new", @files;
+ } else {
+- &copyright'expand("co -p -rlastpat $file", "/tmp/pdo$$");
+- &copyright'expand("co -p -r$new $file", "/tmp/pdn$$");
+- open(DIFF, "$mydiff /tmp/pdo$$ /tmp/pdn$$ |") ||
++ my $tmpo = File::Temp->new();
++ my $tmpn = File::Temp->new();
++ &copyright'expand("co -p -rlastpat $file", "$tmpo");
++ &copyright'expand("co -p -r$new $file", "$tmpn");
++ open(DIFF, "$mydiff $tmpo $tmpn |") ||
+ die "Can't run $mydiff";
+ while (<DIFF>) { # Contextual or unified diff
+ if ($. == 1) {
+@@ -177,7 +181,7 @@ foreach $file (@ARGV) {
+ }
+ close DIFF;
+ system 'rcs', "-Nlastpat:$new", @files;
+- unlink "/tmp/pdn$$", "/tmp/pdo$$";
++ unlink "$tmpo", "$tmpn";
+ }
+ } else {
+ if ($mydiff eq '') {
+@@ -191,9 +195,11 @@ foreach $file (@ARGV) {
+ }
+ close DIFF;
+ } else {
+- system "co -p -rlastpat $files >/tmp/pdo$$";
+- system "cp $file /tmp/pdn$$";
+- open(DIFF, "$mydiff /tmp/pdo$$ /tmp/pdn$$ |") ||
++ my $tmpo = File::Temp->new();
++ my $tmpn = File::Temp->new();
++ system "co -p -rlastpat $files >$tmpo";
++ system "cp $file $tmpn";
++ open(DIFF, "$mydiff $tmpo $tmpn |") ||
+ die "$progname: can't fork $mydiff: $!\n";
+ while (<DIFF>) {
+ # Contextual or unified diff
+@@ -209,7 +215,7 @@ foreach $file (@ARGV) {
+ print PATCH;
+ }
+ close DIFF;
+- unlink "/tmp/pdn$$", "/tmp/pdo$$";
++ unlink "$tmpo", "$tmpn";
+ }
+ }
+ }
+--
+2.0.0.rc0
+
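Review bot: The new `system "cp $file $tmpn";` and `system "co -p -rlastpat $files >$tmpo";` lines in the third pat/patdiff.SH hunk still pass a single string to the shell, and `$file` comes from `@ARGV` (see the `foreach $file (@ARGV)` hunk headers), so a file name with spaces or shell metacharacters is interpreted by the shell; the temp-file change does not address that. The copy can bypass the shell with the list form, `system 'cp', $file, "$tmpn";`, while the `co` call needs its redirect and so needs the name quoted or the output read through a list-form pipe. In `edit` in pat/patcil.SH the results of `print $tmp $text` and `close $tmp` are not checked, so a full temp directory would hand the editor a truncated file; `close $tmp or die "Can't write $tmp: $!";` would surface it. The File::Temp objects remove their files when they go out of scope, so the explicit `unlink` calls look redundant, and `tempfile`/`tempdir` are imported but unused in the visible lines; the enclosing loop in patdiff.SH starts and ends outside these hunks.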