[Freewx-maint] Bug#775462: python-wxgtk3.0: wx.build.config: insecure use of /tmp
Jakub Wilk
jwilk at debian.org
Thu Jan 15 21:35:47 UTC 2015
Package: python-wxgtk3.0
Version: 3.0.1.1+dfsg-2
Tags: security
This is how wx.build.config uses temporary files:
xmltemp = tempfile.mktemp('.xml')
# First run swig to produce the XML file, adding
# an extra -D that prevents the old rename
# directives from being used
cmd = [ swig_cmd ] + swig_args + \
[ '-DBUILDING_RENAMERS', '-xmlout', xmltemp ] + \
['-I'+dir, '-o', cpp_file, i_file]
msg(' '.join(cmd))
spawn(cmd)
This is insecure, because mktemp() returns just a filename, without
creating the file on disk. From the documentation: "Use of this function
may introduce a security hole in your program. By the time you get
around to doing anything with the file name it returns, someone else may
have beaten you to the punch."
--
Jakub Wilk
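The hardened form of the snippet quoted above, as an added example (not code from the report or from the wxPython sources): the XML output is placed in a private directory from mkdtemp() instead of at a bare mktemp() name, and a small check shows why O_CREAT|O_EXCL (what mkstemp() does internally) refuses a name that was already taken. swig is not actually run; the 'wxbuild-' prefix and 'swig_out.xml' file name are choices made here.

```python
import os
import shutil
import tempfile


def build_swig_cmd(swig_cmd, swig_args, include_dir, cpp_file, i_file):
    """Hardened version of the quoted build step: the output path lives in a
    fresh directory created with mode 0700, so another local user can neither
    pre-create the file nor redirect the name before swig writes to it."""
    workdir = tempfile.mkdtemp(prefix='wxbuild-')
    xmltemp = os.path.join(workdir, 'swig_out.xml')
    cmd = ([swig_cmd] + list(swig_args)
           + ['-DBUILDING_RENAMERS', '-xmlout', xmltemp]
           + ['-I' + include_dir, '-o', cpp_file, i_file])
    return cmd, xmltemp


def exclusive_create(path):
    """The check mkstemp() performs and mktemp() cannot: create with
    O_CREAT|O_EXCL and mode 0600, failing if the name already exists.
    Returns True if we created the file, False if the name was taken."""
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        return False
    os.close(fd)
    return True


def demo():
    """Constructed scenario inside a scratch directory: a name is chosen the
    mktemp() way and an entry already sits there. Plain open() silently
    writes into it; the exclusive create refuses. Then the hardened command
    is built and its output directory's permissions are inspected."""
    scratch = tempfile.mkdtemp()
    try:
        name = tempfile.mktemp('.xml', dir=scratch)
        with open(name, 'w') as f:      # stands in for a pre-planted entry
            f.write('planted')
        with open(name, 'w') as f:      # the insecure pattern reuses it
            f.write('<xml/>')
        refused = not exclusive_create(name)
        cmd, xmltemp = build_swig_cmd('swig', ['-python'], 'include',
                                      'out.cpp', 'in.i')
        dir_mode = os.stat(os.path.dirname(xmltemp)).st_mode & 0o777
        shutil.rmtree(os.path.dirname(xmltemp))
        return refused, dir_mode, cmd, xmltemp
    finally:
        shutil.rmtree(scratch)
```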