From vendor-sec-owner@ns.caldera.de Fri Dec 29 13:24:23 2000
Return-Path: <vendor-sec-owner@ns.caldera.de>
Received: from lacrosse.corp.redhat.com (IDENT:root@lacrosse.corp.redhat.com [207.175.42.154])
    by devserv.devel.redhat.com (8.11.0/8.11.0) with ESMTP id eBTIONF14629;
    Fri, 29 Dec 2000 13:24:23 -0500
Received: from mail.redhat.com (mail.redhat.com [199.183.24.239])
    by lacrosse.corp.redhat.com (8.9.3/8.9.3) with ESMTP id NAA16673
    for <security@lacrosse.redhat.com>; Fri, 29 Dec 2000 13:24:22 -0500
Received: from ns.caldera.de (ns.caldera.de [212.34.180.1])
    by mail.redhat.com (8.11.0/8.8.7) with ESMTP id eBTIOLD01691
    for <security@redhat.com>; Fri, 29 Dec 2000 13:24:21 -0500
Received: (from daemon@localhost)
    by ns.caldera.de (8.9.3/8.9.3) id TAA17031
    for vendor-sec-real; Fri, 29 Dec 2000 19:09:48 +0100
Received: (from daemon@localhost)
    by ns.caldera.de (8.9.3/8.9.3) id TAA17022
    for vendor-sec@lst.de; Fri, 29 Dec 2000 19:09:47 +0100
Received: from UNKNOWN(216.161.55.93), claiming to be "blue.int.wirex.com"
    via SMTP by ns.caldera.de, id smtpdmWA3S4; Fri Dec 29 19:09:41 2000
Received: (from greg@localhost)
    by blue.int.wirex.com (8.9.3/8.9.3) id KAA29894;
    Fri, 29 Dec 2000 10:10:26 -0800
Date: Fri, 29 Dec 2000 10:10:26 -0800
From: Greg KH <greg@wirex.com>
To: gleasokr@boulder.colorado.edu
Cc: vendor-sec@lst.de, security@wirex.com
Subject: temp file creation problem in getty_ps
Message-ID: <20001229101026.F29373@wirex.com>
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
X-Operating-System: Linux 2.2.18-immunix (i686)

In building Immunix Linux 7.0, we ran across the following problem in

The function makelock, in the file uufuncs.c, creates temp files in an
insecure way. The patch below, by Steve Beattie <steve@wirex.com>,
should fix this problem.
51 diff -ur getty_ps-2.0.7j-orig/uufuncs.c getty_ps-2.0.7j/uufuncs.c
52 --- getty_ps-2.0.7j-orig/uufuncs.c Fri Dec 15 18:41:09 2000
53 +++ getty_ps-2.0.7j/uufuncs.c Fri Dec 15 18:53:49 2000
58 - char *temp, buf[MAXLINE+1];
59 + char temp[MAXLINE+1];
65 /* first make a temp file
67 - (void) sprintf(buf, LOCK, "TM.XXXXXX");
68 - if ((fd = creat((temp=mktemp(buf)), 0444)) == FAIL) {
69 + (void) sprintf(temp, LOCK, "TM.XXXXXX");
70 + if ((fd = mkstemp(temp)) == FAIL) {
71 logerr("create failed on temp lockfile \"%s\": %s",
72 temp, strerror(errno));
76 debug(D_LOCK, "temp = (%s)", temp);
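
Review bot: mkstemp(temp) does not carry over the 0444 mode that the removed creat(..., 0444) call set. mkstemp creates the file readable and writable by the owner only (0600 on current C libraries; some older ones used 0666), so if other programs are expected to read this lock file, add an fchmod(fd, 0444) immediately after the mkstemp call succeeds and check its return value. Separately, sprintf(temp, LOCK, "TM.XXXXXX") still writes into the fixed temp[MAXLINE+1] buffer without a bound; snprintf(temp, sizeof(temp), LOCK, "TM.XXXXXX") would make the limit explicit. It would also help to say in the commit message that temp must remain a writable array because mkstemp rewrites the XXXXXX suffix in place.
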
greg@(kroah|wirex).com
http://immunix.org/~greg