Loïc Minier
2008-Dec-01 17:51 UTC
[Secure-testing-team] Bug#507482: Insecure tmpdir creation?!
Package: devscripts
Version: 2.10.41
Severity: normal
Tags: security

Hi

I don't know how exploitable tmp dirs with debsign's files are, probably not much, but this could be avoided:

    dosigning() {
        # Do we have to download the changes file?
        if [ -n "$remotehost" ]
        then
            cd ${TMPDIR:-/tmp}
            if [ ! -d "debsign.$$" ]
            then
                mkdir debsign.$$ || { echo "$PROGNAME: Can't mkdir!" >&2; exit 1; }
            fi
            trap "cleanup_tmpdir" 0 1 2 3 7 10 13 15
            cd debsign.$$

Please don't use $$, also I think it'd be best to set up the clean hook before creating the dir. Something like:

    tmp_dir=""
    cleanup() {
        if [ -n "$tmp_dir" ]; then
            rm -rf "$tmp_dir"
        fi
    }
    trap "cleanup" 0 1 2 3 9 11 13 15
    tmp_dir="$(mktemp -dt "debsign.XXXXXXXXXX")"

Cheers
-- 
Loïc Minier
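
The difference between the two patterns in the report above, as an added example that is not part of the original message and is not debsign code: the quoted `[ ! -d ]` check accepts a directory that already exists under the predictable name, while `mktemp -d` always creates a new owner-only one. The function names, the suffix 4242 and the sandbox layout are constructed for illustration, and the template is passed as a full path instead of using `-t`.

```shell
#!/bin/sh
# Added illustration, not debsign code. Function names, the suffix 4242 and
# the "planted" file are constructed; everything stays inside a sandbox dir.

# Pattern quoted in the report: predictable name, existing dir silently reused.
legacy_tmpdir() {            # $1 = parent dir, $2 = pid-like suffix
    if [ ! -d "$1/debsign.$2" ]; then
        mkdir "$1/debsign.$2" || return 1
    fi
    printf '%s\n' "$1/debsign.$2"
}

# Pattern proposed in the report: mktemp -d chooses a random name, creates the
# directory with mode 0700 and fails instead of reusing an existing path.
safe_tmpdir() {              # $1 = parent dir
    mktemp -d "$1/debsign.XXXXXXXXXX"
}

# Build a sandbox that already holds a world-writable debsign.4242.
make_sandbox() {
    sb=$(mktemp -d "${TMPDIR:-/tmp}/tmpdemo.XXXXXXXXXX") || return 1
    mkdir -m 0777 "$sb/debsign.4242" && : > "$sb/debsign.4242/planted" || return 1
    printf '%s\n' "$sb"
}

# Succeeds (0) when the legacy pattern returns the pre-existing directory.
legacy_reuses_existing() {
    sandbox=$(make_sandbox) || return 2
    got=$(legacy_tmpdir "$sandbox" 4242)
    rc=1
    if [ -e "$got/planted" ]; then rc=0; fi
    rm -rf "$sandbox"
    return "$rc"
}

# Succeeds (0) when mktemp -d yields a new, empty, owner-only directory.
safe_is_fresh_and_private() {
    sandbox=$(make_sandbox) || return 2
    got=$(safe_tmpdir "$sandbox") || { rm -rf "$sandbox"; return 2; }
    rc=0
    [ "$got" != "$sandbox/debsign.4242" ] || rc=1
    [ -z "$(ls -A "$got")" ] || rc=1
    [ "$(ls -ld "$got" | cut -c1-10)" = "drwx------" ] || rc=1
    rm -rf "$sandbox"
    return "$rc"
}

legacy_reuses_existing && echo "legacy pattern: reused a pre-existing directory"
safe_is_fresh_and_private && echo "mktemp -d: fresh directory, mode 0700"
```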