- create temporary file in ~/.elm instead in /tmp.

Changed files:
    elm-security.patch -> 1.1

diff --git a/elm-security.patch b/elm-security.patch
new file mode 100644 (file)
index 0000000..7d0235a
--- /dev/null
+++ b/elm-security.patch
@@ -0,0 +1,82 @@
+From owner-linux-security@tarsier.cv.nrao.edu Sat Sep  2 11:42:09 1995
+Received: from tarsier.cv.nrao.edu (tarsier.cv.nrao.edu [192.33.115.50]) by redhat.com (8.6.11/8.6.9) with ESMTP id LAA10004 for <marc@redhat.com>; Sat, 2 Sep 1995 11:42:05 -0400
+Received: (from majdom@localhost) by tarsier.cv.nrao.edu (8.6.12/8.6.9) id IAA06787; Sat, 2 Sep 1995 08:47:44 -0400
+Received: from cortex.AMS.Med.Uni-Goettingen.DE (root@cortex.AMS.Med.Uni-Goettingen.DE [134.76.140.101]) by tarsier.cv.nrao.edu (8.6.12/8.6.9) with ESMTP id FAA06456; Sat, 2 Sep 1995 05:57:10 -0400
+Received: by cortex.AMS.Med.Uni-Goettingen.DE (Smail3.1.29.1 #9)
+       id m0sopJH-0005G8C; Sat, 2 Sep 95 11:56 MET DST
+Date: Sat, 2 Sep 1995 11:56:22 +0200 (MET DST)
+From: Lutz Pressler <Lutz.Pressler@Unix.AMS.Med.Uni-Goettingen.DE>
+To: Olaf Kirch <okir@monad.swb.de>
+cc: linux-security@tarsier.cv.nrao.edu, BUGTRAQ@CRIMELAB.COM
+Subject: elm and /tmp/mbox.*: patch
+Message-ID: <Pine.LNX.3.91lp.950902113951.11841A-100000@cortex.AMS.Med.Uni-Goettingen.DE>
+MIME-Version: 1.0
+Content-Type: TEXT/PLAIN; charset=US-ASCII
+Sender: owner-linux-security@tarsier.cv.nrao.edu
+Precedence: list
+Status: RO
+
+-----BEGIN PGP SIGNED MESSAGE-----
+
+Hello,
+
+as Olaf Kirch <okir@monad.swb.de> found out, elm (at least 2.4, including
+elm-2.4pl24me6) opens it's temporary mbox file in /tmp without checking
+for existing symlinks. This can be exploited by a local user: for example
+to create an .rhosts file for another account which has none yet - with
+valid entries, thus getting access to that account.
+
+The following patch (to be applied in the elm distribution directory)
+disables this possibility by changing the temporary mailbox file location
+to be .mbox.* in the users' home directory. This prohibits multiple elm
+sessions on different hosts with shared home dir, but as in this case the
+mail spool is probably shared, too, this should not be a problem.
+
+It seems that the other files sometimes created by elm in /tmp are not
+so problematic. I haven't checked this thoroughly yet though.
+
+Regards,
+  Lutz
+
+Patch follows (remove PGPs "- " !):
+
+--- elm2.5.3/hdrs/sysdefs.SH.security  Tue Feb 29 08:12:44 2000
++++ elm2.5.3/hdrs/sysdefs.SH   Tue Feb 29 08:17:14 2000
+@@ -107,7 +107,7 @@
+ #define       default_temp    "$tmpdir/"
+ #define temp_file     "snd."
+ #define temp_form_file        "form."
+-#define temp_mbox     "mbox."
++#define temp_mbox     ".mbox."
+ #define temp_print      "print."
+ #define temp_edit     "elm-edit"
+ #define temp_uuname   "uuname."
+--- elm2.5.3/src/newmbox.c.security    Tue Feb 29 08:10:35 2000
++++ elm2.5.3/src/newmbox.c     Tue Feb 29 08:18:20 2000
+@@ -244,7 +244,7 @@
+ 
+       char *cp;
+ 
+-      sprintf(tempfn, "%s%s", default_temp, temp_mbox);
++      sprintf(tempfn, "%s/.elm/%s", user_home, temp_mbox);
+         cp = basename(mbox);
+       if (strcmp(cp, "mbox") == 0 || strcmp(cp, "mailbox") == 0 ||
+               strcmp(cp, "inbox") == 0 || *cp == '.')
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2i
+
+iQCVAwUBMEgqGE8rRJEuvpUdAQGQKAP9H2UXf3CbyC5/fZifAV9OzKoR6eGEwloA
+H/8+OJEfpwOacYCpcoi4Njkaj2bEzjlyRxzDnz0VBFPdurxvFsN2cM9qMAN2tvNZ
+qnP73hXFkLsi/ga8mmuVYeYgzoZJZOzPKSgA7SvtV8aD8WR/IK9Ze56beei5BIEx
+jlwv9TGpI7A=
+=82WU
+-----END PGP SIGNATURE-----
+
+
+--
+Lutz Pre"sler      <URL:http://www.AMS.Med.Uni-Goettingen.DE/~lpressl1/>
+Systemverwaltung -- Abt. Medizinische Statistik, Universit"at G"ottingen
+Humboldtallee 32, D-37073 G"ottingen, Tel.: +49(0551) 39-9774 FAX: -4995
+<Lutz.Pressler@AMS.Med.Uni-Goettingen.DE> [PGP-key:WWW&Keyserver] IRC:lp
+