]>
Commit | Line | Data |
---|---|---|
3a965061 | 1 | From vendor-sec-owner@ns.caldera.de Fri Dec 29 13:24:23 2000 |
2 | Return-Path: <vendor-sec-owner@ns.caldera.de> | |
3 | Received: from lacrosse.corp.redhat.com (IDENT:root@lacrosse.corp.redhat.com [207.175.42.154]) | |
4 | by devserv.devel.redhat.com (8.11.0/8.11.0) with ESMTP id eBTIONF14629; | |
5 | Fri, 29 Dec 2000 13:24:23 -0500 | |
6 | Received: from mail.redhat.com (mail.redhat.com [199.183.24.239]) | |
7 | by lacrosse.corp.redhat.com (8.9.3/8.9.3) with ESMTP id NAA16673 | |
8 | for <security@lacrosse.redhat.com>; Fri, 29 Dec 2000 13:24:22 -0500 | |
9 | Received: from ns.caldera.de (ns.caldera.de [212.34.180.1]) | |
10 | by mail.redhat.com (8.11.0/8.8.7) with ESMTP id eBTIOLD01691 | |
11 | for <security@redhat.com>; Fri, 29 Dec 2000 13:24:21 -0500 | |
12 | Received: (from daemon@localhost) | |
13 | by ns.caldera.de (8.9.3/8.9.3) id TAA17031 | |
14 | for vendor-sec-real; Fri, 29 Dec 2000 19:09:48 +0100 | |
15 | Received: (from daemon@localhost) | |
16 | by ns.caldera.de (8.9.3/8.9.3) id TAA17022 | |
17 | for vendor-sec@lst.de; Fri, 29 Dec 2000 19:09:47 +0100 | |
18 | Received: from UNKNOWN(216.161.55.93), claiming to be "blue.int.wirex.com" | |
19 | via SMTP by ns.caldera.de, id smtpdmWA3S4; Fri Dec 29 19:09:41 2000 | |
20 | Received: (from greg@localhost) | |
21 | by blue.int.wirex.com (8.9.3/8.9.3) id KAA29894; | |
22 | Fri, 29 Dec 2000 10:10:26 -0800 | |
23 | Date: Fri, 29 Dec 2000 10:10:26 -0800 | |
24 | From: Greg KH <greg@wirex.com> | |
25 | To: gleasokr@boulder.colorado.edu | |
26 | Cc: vendor-sec@lst.de, security@wirex.com | |
27 | Subject: temp file creation problem in getty_ps | |
28 | Message-ID: <20001229101026.F29373@wirex.com> | |
29 | Mime-Version: 1.0 | |
30 | Content-Type: text/plain; charset=us-ascii | |
31 | Content-Disposition: inline | |
32 | User-Agent: Mutt/1.2.5i | |
33 | X-Operating-System: Linux 2.2.18-immunix (i686) | |
34 | Status: RO | |
35 | Content-Length: 1098 | |
36 | ||
37 | Hi, | |
38 | ||
39 | In building Immunix Linux 7.0, we ran across the following problem in | |
40 | getty_ps 2.0.7j: | |
41 | ||
42 | The function makelock, in the file uufuncs.c creates temp files in an | |
43 | insecure way. The patch below, by Steve Beattie <steve@wirex.com> | |
44 | should fix this problem. | |
45 | ||
46 | thanks, | |
47 | ||
48 | greg k-h | |
49 | ||
50 | ||
51 | diff -ur getty_ps-2.0.7j-orig/uufuncs.c getty_ps-2.0.7j/uufuncs.c | |
52 | --- getty_ps-2.0.7j-orig/uufuncs.c Fri Dec 15 18:41:09 2000 | |
53 | +++ getty_ps-2.0.7j/uufuncs.c Fri Dec 15 18:53:49 2000 | |
54 | @@ -74,7 +74,7 @@ | |
55 | char *name; | |
56 | { | |
57 | int fd, pid; | |
58 | - char *temp, buf[MAXLINE+1]; | |
59 | + char temp[MAXLINE+1]; | |
60 | #ifdef ASCIIPID | |
61 | char apid[16]; | |
62 | #endif /* ASCIIPID */ | |
63 | @@ -86,12 +86,13 @@ | |
64 | ||
65 | /* first make a temp file | |
66 | */ | |
67 | - (void) sprintf(buf, LOCK, "TM.XXXXXX"); | |
68 | - if ((fd = creat((temp=mktemp(buf)), 0444)) == FAIL) { | |
69 | + (void) sprintf(temp, LOCK, "TM.XXXXXX"); | |
70 | + if ((fd = mkstemp(temp)) == FAIL) { | |
71 | logerr("create failed on temp lockfile \"%s\": %s", | |
72 | temp, strerror(errno)); | |
73 | return(FAIL); | |
74 | } | |
75 | + fchmod(fd, 0444); | |
76 | debug(D_LOCK, "temp = (%s)", temp); | |
77 | ||
78 | /* put my pid in it | |
79 | ||
80 | -- | |
81 | greg@(kroah|wirex).com | |
82 | http://immunix.org/~greg | |
83 | ||
84 |