[packages/getty_ps.git] / getty_ps-mktemp.patch

From vendor-sec-owner@ns.caldera.de Fri Dec 29 13:24:23 2000
Return-Path: <vendor-sec-owner@ns.caldera.de>
Received: from lacrosse.corp.redhat.com (IDENT:root@lacrosse.corp.redhat.com [207.175.42.154])
	by devserv.devel.redhat.com (8.11.0/8.11.0) with ESMTP id eBTIONF14629;
	Fri, 29 Dec 2000 13:24:23 -0500
Received: from mail.redhat.com (mail.redhat.com [199.183.24.239])
	by lacrosse.corp.redhat.com (8.9.3/8.9.3) with ESMTP id NAA16673
	for <security@lacrosse.redhat.com>; Fri, 29 Dec 2000 13:24:22 -0500
Received: from ns.caldera.de (ns.caldera.de [212.34.180.1])
	by mail.redhat.com (8.11.0/8.8.7) with ESMTP id eBTIOLD01691
	for <security@redhat.com>; Fri, 29 Dec 2000 13:24:21 -0500
Received: (from daemon@localhost)
	by ns.caldera.de (8.9.3/8.9.3) id TAA17031
	for vendor-sec-real; Fri, 29 Dec 2000 19:09:48 +0100
Received: (from daemon@localhost)
	by ns.caldera.de (8.9.3/8.9.3) id TAA17022
	for vendor-sec@lst.de; Fri, 29 Dec 2000 19:09:47 +0100
Received: from UNKNOWN(216.161.55.93), claiming to be "blue.int.wirex.com"
 via SMTP by ns.caldera.de, id smtpdmWA3S4; Fri Dec 29 19:09:41 2000
Received: (from greg@localhost)
	by blue.int.wirex.com (8.9.3/8.9.3) id KAA29894;
	Fri, 29 Dec 2000 10:10:26 -0800
Date: Fri, 29 Dec 2000 10:10:26 -0800
From: Greg KH <greg@wirex.com>
To: gleasokr@boulder.colorado.edu
Cc: vendor-sec@lst.de, security@wirex.com
Subject: temp file creation problem in getty_ps
Message-ID: <20001229101026.F29373@wirex.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
X-Operating-System: Linux 2.2.18-immunix (i686)
Status: RO
Content-Length: 1098

Hi,

In building Immunix Linux 7.0, we ran across the following problem in
getty_ps 2.0.7j:

The function makelock, in the file uufuncs.c creates temp files in an
insecure way.  The patch below, by Steve Beattie <steve@wirex.com>
should fix this problem.

thanks,

greg k-h


diff -ur getty_ps-2.0.7j-orig/uufuncs.c getty_ps-2.0.7j/uufuncs.c
--- getty_ps-2.0.7j-orig/uufuncs.c	Fri Dec 15 18:41:09 2000
+++ getty_ps-2.0.7j/uufuncs.c	Fri Dec 15 18:53:49 2000
@@ -74,7 +74,7 @@
 char *name;
 {
 	int fd, pid;
-	char *temp, buf[MAXLINE+1];
+	char temp[MAXLINE+1];
 #ifdef	ASCIIPID
 	char apid[16];
 #endif	/* ASCIIPID */
@@ -86,12 +86,13 @@
 
 	/* first make a temp file
 	 */
-	(void) sprintf(buf, LOCK, "TM.XXXXXX");
-	if ((fd = creat((temp=mktemp(buf)), 0444)) == FAIL) {
+	(void) sprintf(temp, LOCK, "TM.XXXXXX");
+	if ((fd = mkstemp(temp)) == FAIL) {
 		logerr("create failed on temp lockfile \"%s\": %s",
 		       temp, strerror(errno));
 		return(FAIL);
 	}
+	fchmod(fd, 0444);
 	debug(D_LOCK, "temp = (%s)", temp);
 
 	/* put my pid in it

-- 
greg@(kroah|wirex).com
http://immunix.org/~greg
Commit	Line	Data
3a965061	1	From vendor-sec-owner@ns.caldera.de Fri Dec 29 13:24:23 2000
	2	Return-Path: <vendor-sec-owner@ns.caldera.de>
	3	Received: from lacrosse.corp.redhat.com (IDENT:root@lacrosse.corp.redhat.com [207.175.42.154])
	4	by devserv.devel.redhat.com (8.11.0/8.11.0) with ESMTP id eBTIONF14629;
	5	Fri, 29 Dec 2000 13:24:23 -0500
	6	Received: from mail.redhat.com (mail.redhat.com [199.183.24.239])
	7	by lacrosse.corp.redhat.com (8.9.3/8.9.3) with ESMTP id NAA16673
	8	for <security@lacrosse.redhat.com>; Fri, 29 Dec 2000 13:24:22 -0500
	9	Received: from ns.caldera.de (ns.caldera.de [212.34.180.1])
	10	by mail.redhat.com (8.11.0/8.8.7) with ESMTP id eBTIOLD01691
	11	for <security@redhat.com>; Fri, 29 Dec 2000 13:24:21 -0500
	12	Received: (from daemon@localhost)
	13	by ns.caldera.de (8.9.3/8.9.3) id TAA17031
	14	for vendor-sec-real; Fri, 29 Dec 2000 19:09:48 +0100
	15	Received: (from daemon@localhost)
	16	by ns.caldera.de (8.9.3/8.9.3) id TAA17022
	17	for vendor-sec@lst.de; Fri, 29 Dec 2000 19:09:47 +0100
	18	Received: from UNKNOWN(216.161.55.93), claiming to be "blue.int.wirex.com"
	19	via SMTP by ns.caldera.de, id smtpdmWA3S4; Fri Dec 29 19:09:41 2000
	20	Received: (from greg@localhost)
	21	by blue.int.wirex.com (8.9.3/8.9.3) id KAA29894;
	22	Fri, 29 Dec 2000 10:10:26 -0800
	23	Date: Fri, 29 Dec 2000 10:10:26 -0800
	24	From: Greg KH <greg@wirex.com>
	25	To: gleasokr@boulder.colorado.edu
	26	Cc: vendor-sec@lst.de, security@wirex.com
	27	Subject: temp file creation problem in getty_ps
	28	Message-ID: <20001229101026.F29373@wirex.com>
	29	Mime-Version: 1.0
	30	Content-Type: text/plain; charset=us-ascii
	31	Content-Disposition: inline
	32	User-Agent: Mutt/1.2.5i
	33	X-Operating-System: Linux 2.2.18-immunix (i686)
	34	Status: RO
	35	Content-Length: 1098
	36
	37	Hi,
	38
	39	In building Immunix Linux 7.0, we ran across the following problem in
	40	getty_ps 2.0.7j:
	41
	42	The function makelock, in the file uufuncs.c creates temp files in an
	43	insecure way. The patch below, by Steve Beattie <steve@wirex.com>
	44	should fix this problem.
	45
	46	thanks,
	47
	48	greg k-h
	49
	50
	51	diff -ur getty_ps-2.0.7j-orig/uufuncs.c getty_ps-2.0.7j/uufuncs.c
	52	--- getty_ps-2.0.7j-orig/uufuncs.c Fri Dec 15 18:41:09 2000
	53	+++ getty_ps-2.0.7j/uufuncs.c Fri Dec 15 18:53:49 2000
	54	@@ -74,7 +74,7 @@
	55	char *name;
	56	{
	57	int fd, pid;
	58	- char *temp, buf[MAXLINE+1];
	59	+ char temp[MAXLINE+1];
	60	#ifdef ASCIIPID
	61	char apid[16];
	62	#endif /* ASCIIPID */
	63	@@ -86,12 +86,13 @@
	64
65	/* first make a temp file
66	*/
67	- (void) sprintf(buf, LOCK, "TM.XXXXXX");
68	- if ((fd = creat((temp=mktemp(buf)), 0444)) == FAIL) {
69	+ (void) sprintf(temp, LOCK, "TM.XXXXXX");
70	+ if ((fd = mkstemp(temp)) == FAIL) {
71	logerr("create failed on temp lockfile \"%s\": %s",
72	temp, strerror(errno));
73	return(FAIL);
74	}
75	+ fchmod(fd, 0444);
76	debug(D_LOCK, "temp = (%s)", temp);
77
78	/* put my pid in it
79
80	--
81	greg@(kroah\|wirex).com
82	http://immunix.org/~greg
83
84