Diffstat (limited to 'debian/patches/0002-Fix-unsafe-use-of-symbolic-links-in-tmp.patch')
-rw-r--r-- | debian/patches/0002-Fix-unsafe-use-of-symbolic-links-in-tmp.patch | 116 |
1 files changed, 116 insertions, 0 deletions
diff --git a/debian/patches/0002-Fix-unsafe-use-of-symbolic-links-in-tmp.patch b/debian/patches/0002-Fix-unsafe-use-of-symbolic-links-in-tmp.patch
new file mode 100644
index 0000000..5496a87
--- /dev/null
+++ b/debian/patches/0002-Fix-unsafe-use-of-symbolic-links-in-tmp.patch
@@ -0,0 +1,116 @@
+From 827f2bdd369907ce7510268c6c01a350dd7cb57d Mon Sep 17 00:00:00 2001
+From: Manoj Srivastava <srivasta@debian.org>
+Date: Fri, 29 Aug 2008 17:53:34 -0500
+Subject: [PATCH 2/4] Fix unsafe use of symbolic links in /tmp
+
+If a script uses a temp file which is created in /tmp, then an
+attacker can create symlink with the same name in this directory in
+order to destroy or rewrite some system or user files. Symlink attack
+may also lead not only to the data desctruction but to denial of
+service as well. Creating files with rand or pid to randomize the file
+names is not adequate to protect the system.
+
+We now use File::Temp to safely create the temporary files as needed.
+
+Signed-off-by: Manoj Srivastava <srivasta@debian.org>
+---
+ pat/patcil.SH | 14 ++++++++------
+ pat/patdiff.SH | 22 ++++++++++++++--------
+ 2 files changed, 22 insertions(+), 14 deletions(-)
+
+diff --git a/pat/patcil.SH b/pat/patcil.SH
+index c6912b3..d8d0511 100755
+--- a/pat/patcil.SH
++++ b/pat/patcil.SH
+@@ -61,6 +61,8 @@ $startperl
+ !GROK!THIS!
+ cat >>patcil <<'!NO!SUBS!'
+
++use File::Temp qw/ tempfile tempdir /;
++
+ $progname = &profile; # Read ~/.dist_profile
+ require 'getopts.pl';
+ &usage unless $#ARGV >= 0;
+@@ -504,12 +506,12 @@ x Toggle patch# prefix.
+
+ sub edit {
+ local($text) = join("\n", @_);
+- open(TMP,">/tmp/cil$$") || die "Can't create /tmp/cil$$";
+- print TMP $text;
+- close TMP;
+- system $EDITOR, "/tmp/cil$$";
+- $text = `cat /tmp/cil$$`;
+- unlink "/tmp/cil$$";
++ my $tmp = File::Temp->new();
++ print $tmp $text;
++ close $tmp;
++ system $EDITOR, "$tmp";
++ $text = `cat "$tmp"`;
++ unlink "$tmp";
+ $text;
+ }
+
+diff --git a/pat/patdiff.SH b/pat/patdiff.SH
+index 991d4bf..3ca1973 100755
+--- a/pat/patdiff.SH
++++ b/pat/patdiff.SH
+@@ -49,6 +49,8 @@ $startperl
+ !GROK!THIS!
+ cat >>patdiff <<'!NO!SUBS!'
+
++use File::Temp qw/ tempfile tempdir /;
++
+ $RCSEXT = ',v' unless $RCSEXT;
+ $TOPDIR = ''; # We are at top-level directory
+
+@@ -159,9 +161,11 @@ foreach $file (@ARGV) {
+ close DIFF;
+ system 'rcs', "-Nlastpat:$new", @files;
+ } else {
+- ©right'expand("co -p -rlastpat $file", "/tmp/pdo$$");
+- ©right'expand("co -p -r$new $file", "/tmp/pdn$$");
+- open(DIFF, "$mydiff /tmp/pdo$$ /tmp/pdn$$ |") ||
++ my $tmpo = File::Temp->new();
++ my $tmpn = File::Temp->new();
++ ©right'expand("co -p -rlastpat $file", "$tmpo");
++ ©right'expand("co -p -r$new $file", "$tmpn");
++ open(DIFF, "$mydiff $tmpo $tmpn |") ||
+ die "Can't run $mydiff";
+ while (<DIFF>) { # Contextual or unified diff
+ if ($. == 1) {
+@@ -177,7 +181,7 @@ foreach $file (@ARGV) {
+ }
+ close DIFF;
+ system 'rcs', "-Nlastpat:$new", @files;
+- unlink "/tmp/pdn$$", "/tmp/pdo$$";
++ unlink "$tmpo", "$tmpn";
+ }
+ } else {
+ if ($mydiff eq '') {
+@@ -191,9 +195,11 @@ foreach $file (@ARGV) {
+ }
+ close DIFF;
+ } else {
+- system "co -p -rlastpat $files >/tmp/pdo$$";
+- system "cp $file /tmp/pdn$$";
+- open(DIFF, "$mydiff /tmp/pdo$$ /tmp/pdn$$ |") ||
++ my $tmpo = File::Temp->new();
++ my $tmpn = File::Temp->new();
++ system "co -p -rlastpat $files >$tmpo";
++ system "cp $file $tmpn";
++ open(DIFF, "$mydiff $tmpo $tmpn |") ||
+ die "$progname: can't fork $mydiff: $!\n";
+ while (<DIFF>) {
+ # Contextual or unified diff
+@@ -209,7 +215,7 @@ foreach $file (@ARGV) {
+ print PATCH;
+ }
+ close DIFF;
+- unlink "/tmp/pdn$$", "/tmp/pdo$$";
++ unlink "$tmpo", "$tmpn";
+ }
+ }
+ }
+--
+2.0.0.rc0
+ |
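Review bot: The temporary file names are still passed through a shell after File::Temp creates them: `` $text = `cat "$tmp"` `` in `edit` (patcil.SH), and `open(DIFF, "$mydiff $tmpo $tmpn |")`, `system "co -p -rlastpat $files >$tmpo"` and `system "cp $file $tmpn"` in patdiff.SH. File::Temp picks its directory from the environment (TMPDIR), so the path is no longer a fixed `/tmp/...` string, and a directory name containing spaces or shell metacharacters would be split or interpreted by the shell; only the `cat` call quotes it. In `edit` the shell can be avoided by reading the file back in Perl, `open(my $in, '<', $tmp->filename) || die "Can't read $tmp: $!"; $text = join('', <$in>); close $in;`. The patdiff.SH call sites are inside a `foreach` loop that starts outside the hunks and `$mydiff` may carry options, so I would quote `$tmpo`/`$tmpn` there rather than switch to list-form calls without checking. Separately, `use File::Temp qw/ tempfile tempdir /;` imports two functions that the visible lines never call.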