Jan Hauke Rahm
2008-Sep-14 11:05 UTC
[Secure-testing-team] Bug#498899: Unsecure use of temporary files
Package: python2.4-examples
Version: 2.4.5-5
Severity: grave
Tags: security patch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA224
Hi Matthias,
in your script "Tools/faqwiz/move-faqwiz.sh" you use $RANDOM to create
a
temporary file. This is very unsecure and should be replaced by mktemp.
The following patch tries to solve that and beyond that solves your
bashism bug #489648.
Please test the patch thoroughly and upload ASAP if appropiate.
Cheers,
Hauke
*** bashandtmp.patch
diff -Naur python2.4-2.4.5~/Tools/faqwiz/move-faqwiz.sh
python2.4-2.4.5/Tools/faqwiz/move-faqwiz.sh
- --- python2.4-2.4.5~/Tools/faqwiz/move-faqwiz.sh 2008-09-14 12:36:45.000000000
+0200
+++ python2.4-2.4.5/Tools/faqwiz/move-faqwiz.sh 2008-09-14 12:40:44.000000000
+0200
@@ -9,7 +9,7 @@
# blackjesus:~> ./move-faqwiz.sh 2\.1 3\.2
# Moving FAQ question 02.001 to 03.002
- -if [ x$2 == x ]; then
+if [ x$2 = x ]; then
echo "Need 2 args: original_version final_version."
exit 2
fi
@@ -19,7 +19,7 @@
exit 2
fi
- -function cut_n_pad() {
+cut_n_pad () {
t=`echo $1 | cut -d. -f $2`
export $3=`echo $t | awk "{ tmp = \\$0; l = length(tmp); for (i = 0; i
< $2-l+1; i++) { tmp = "0".tmp } print tmp }"`
}
@@ -28,7 +28,7 @@
cut_n_pad $1 2 suffix1
cut_n_pad $2 1 prefix2
cut_n_pad $2 2 suffix2
- -tmpfile=tmp$RANDOM.tmp
+tmpfile=`mktemp`
file1=faq$prefix1.$suffix1.htp
file2=faq$prefix2.$suffix2.htp
- -- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (700, ''testing''), (600,
''unstable''), (500, ''experimental'')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iFYEARELAAYFAkjM798ACgkQGOp6XeD8cQ2LRgDgg5MWslv+21jb7dv/kzfwQC6q
wRWVmLZ+2zLAywDeKwmZ8asTsBpGIoXInoXpvne9qRrvQU0vJStGng==xWvB
-----END PGP SIGNATURE-----