[email protected]
[Top] [All Lists]

Bug#286392: marked as forwarded (autopoint: Insecure temporary directory

Subject: Bug#286392: marked as forwarded autopoint: Insecure temporary directory usage
From: Debian Bug Tracking System
Date: Sun, 19 Dec 2004 16:48:07 -0800
Your message dated Mon, 20 Dec 2004 01:28:38 +0100 (CET)
with message-id <[email protected]>
has caused the Debian Bug report #286392,
regarding autopoint: Insecure temporary directory usage
to be marked as having been forwarded to the upstream software
author(s) [email protected]

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

Received: (at 286392-forwarded) by bugs.debian.org; 20 Dec 2004 00:30:11 +0000
>From [email protected] Sun Dec 19 16:30:11 2004
Return-path: <[email protected]>
Received: from pizarro.unex.es [] (postfix)
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1CgBRD-0004Pd-00; Sun, 19 Dec 2004 16:30:11 -0800
Received: from localhost (almendralejo.unex.es [])
        by pizarro.unex.es (Postfix/MJ-1.08) with ESMTP
        id B8506A1C67; Mon, 20 Dec 2004 01:30:09 +0100 (CET)
Received: from pizarro.unex.es ([])
        by localhost (emilio []) (amavisd-new, port 10024)
        with ESMTP id 12229-02; Mon, 20 Dec 2004 01:30:32 +0100 (CET)
Received: from cantor.unex.es (cantor.unex.es [])
        by pizarro.unex.es (Postfix/MJ-1.08) with ESMTP
        id BCCB9A1C4E; Mon, 20 Dec 2004 01:30:08 +0100 (CET)
Date: Mon, 20 Dec 2004 01:28:38 +0100 (CET)
From: Santiago Vila <[email protected]>
To: [email protected]
Cc: [email protected],
        =?iso-8859-1?Q?Javier_Fern=E1ndez-Sanguino_Pe=F1a?= <[email protected]>
Subject: Bug#286392: autopoint: Insecure temporary directory usage (fwd)
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=iso-8859-1
Content-Transfer-Encoding: QUOTED-PRINTABLE
Content-ID: <[email protected]>
Content-Disposition: INLINE
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at unex.es
Delivered-To: [email protected]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER,
        HAS_PACKAGE autolearn=ham version=2.60-bugs.debian.org_2004_03_25


Received this from the Debian bug system.

---------- Forwarded message ----------
From: Javier Fern=E1ndez-Sanguino Pe=F1a <[email protected]>
To: [email protected]
Date: Mon, 20 Dec 2004 00:49:41 +0100
Subject: Bug#286392: autopoint: Insecure temporary directory usage

Package: gettext
Version: 0.14.1-6
Priority: normal
Tags: security

The autopoint script does not protect itself from temporary directory
attacks. Even though it creates a temporary directory and will abort
if it exists, the directory itself is not safe (depends on the user's
umask) and symlink attacks can be used against the directory contents
through race conditions. For example, consider the possibility of a
user with an "open" umask that creates file writable by his group,
a member of the same group could create a CVS directory in autopoint's
directory and have symlinks from common CVS files there (CVSRoot) to
other files to force a symlink attack to files the user might not have=3D20
access and belong to the user running the script.

The attached patch tries to prevent this by using safer umask settings
when creating the temporary directories.



PS: I initially reported this to the security team back in June,
but have not found time to follow up on this issue until today.
Security team, please check
Resent-Message-ID: <[email protected]>

--- autopoint.orig=092004-12-20 00:44:05.000000000 +0100
+++ autopoint=092004-12-20 00:44:48.000000000 +0100
@@ -310,6 +310,8 @@
 # - work_dir        directory containing the temporary checkout
+umask 077
 mkdir "$cvs_dir"
 if [ $? -ne 0 ]; then
   echo "ERROR making $cvs_dir"
@@ -320,6 +322,7 @@
   echo "ERROR making $work_dir"
   exit 1
+umask $um
 export CVSROOT

To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

<Prev in Thread] Current Thread [Next in Thread>
  • Bug#286392: marked as forwarded (autopoint: Insecure temporary directory usage), Debian Bug Tracking System <=