[Pkg-electronics-devel] Bug#506625: Security bug on temp file
Joseph Smidt
josephsmidt at gmail.com
Sun Nov 23 04:13:53 UTC 2008
Package: geda-gnetlist
Version: 1.4.0-2
Tags: patch
Severity: critical
Here is a security patch from Fedora (
http://cvs.fedoraproject.org/viewvc//devel/geda-gnetlist/geda-gnetlist-CVE-mktemp.patch?view=markup):
--- scripts/sch2eaglepos.sh 2008-05-16 06:20:10.000000000 +0200
+++ scripts/sch2eaglepos.sh_cht 2008-11-18 21:49:04.000000000 +0100
@@ -2,6 +2,12 @@
# By Braddock Gaskill (braddock at braddock.com), August 2004. This
# software is hereby declared to be in the public domain by Braddock
# Gaskill, the author.
+
+# Updated by Chitlesh GOORAH - reason : Security bug on temporary
file (18Nov2008)
+# The issue is that the value of TMP is predictable
+# and a local evildoer could create a symlink causing some data to
be overwritten.
+#
+
FNAME="$1"
if [ -z "$FNAME" ]; then
echo "$0 <inputfile.sch>"
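Review bot: The header comment added above FNAME records the problem (predictable TMP, symlink overwrite) but not the remedy, so someone reading the script later has to find the second hunk to learn what changed. Add one line stating that TMP is now created with mktemp. The name-and-date history line would also sit better in the package changelog than in the script header.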
@@ -20,8 +26,8 @@
XSCALE=9000
YSCALE=9000
-TMP=/tmp/$$
-grep -B1 refdes= "$FNAME" |sed 's/=/ /' | cut -d" " -f2,3 |grep -v
'^--' >/tmp/$$
+TMP=`mktemp`
+grep -B1 refdes= "$FNAME" |sed 's/=/ /' | cut -d" " -f2,3 |grep -v '^--' > $TMP
3<$TMP
while read -u 3; do
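Review bot: The result of `mktemp` on the `+TMP=` line is never checked, so if it fails TMP is empty and both the `> $TMP` redirection and `3<$TMP` run against an empty name. Suggest `TMP=$(mktemp) || exit 1` and quoting each use as `"$TMP"`, since mktemp honours TMPDIR and the resulting path may contain spaces. The visible lines also never remove the file; if nothing later in the script does, a `trap 'rm -f "$TMP"' EXIT` right after creation would cover that.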