Bug#415116: [pkg-horde] Bug#415116: Patch to upgrade Horde 3's /tmp cleanup script

[Ola Lundqvist]

Hi

Thanks a lot. Building a fixed version now.

Regards,

// Ola

On Sat, Mar 24, 2007 at 10:39:48PM +1100, Paul TBBle Hampson wrote:
> tags 415116 +patch
> Thankyou
> 
> This is simply a diff between 3.1.3 and 3.1.4 with the patch from the
> .diff.gz. It fixes the problem whereby a specially-created file in /tmp
> could allow arbitrary deletion of files by being broken up into space-
> delimited results by the for loops.
> 
> The upstream changes are at [1].
> 
> It also adds the 'Files from cancelled imports' check, which may or
> may not be appropriate for a security fix.
> 
> [1] http://cvs.horde.org/diff.php?r1=1.1.12.1&r2=1.1.12.2&f=horde%2Fscripts%2Ftemp-cleanup.cron
> 
> --- horde3-3.1.3/scripts/temp-cleanup.cron	2007-03-24 22:15:09.000000000 +1100
> +++ horde-3.1.4/scripts/temp-cleanup.cron	2007-03-24 22:35:08.000000000 +1100
> @@ -24,26 +24,19 @@
>  echo ${TMP_DIR:=/tmp} > /dev/null
>  
>  # MSWord attachments (generated by the MSword viewer)
> -for MSWORD_FILE in `find $TMP_DIR -type f -name msword\* -ctime +2 `; do
> -	rm -f $MSWORD_FILE
> -done
> +find $TMP_DIR -type f -name msword\* -ctime +2 -exec rm -f {} \;
>  
>  # IMP attachments
> -for IMP_FILE in `find $TMP_DIR -type f -name impatt\* -ctime +2 `; do
> -	rm -f $IMP_FILE
> -done
> +find $TMP_DIR -type f -name impatt\* -ctime +2 -exec rm -f {} \;
>  
>  # Klutz temporary files
> -for KLUTZ_FILE in `find $TMP_DIR -type f -name Klutz\* -ctime +2 `; do
> -	rm -f $KLUTZ_FILE
> -done
> +find $TMP_DIR -type f -name Klutz\* -ctime +2 -exec rm -f {} \;
>  
>  # Spell checking temporary files
> -for SPELL_FILE in `find $TMP_DIR -type f -name spell\* -ctime +2 `; do
> -	rm -f $SPELL_FILE
> -done
> +find $TMP_DIR -type f -name spell\* -ctime +2 -exec rm -f {} \;
>  
>  # VFS temporary files
> -for IMP_FILE in `find $TMP_DIR -type f -name vfs\* -ctime +2 `; do
> -	rm -f $IMP_FILE
> -done
> +find $TMP_DIR -type f -name vfs\* -ctime +2 -exec rm -f {} \;
> +
> +# Files from cancelled imports
> +find $TMP_DIR -type f -name import\* -ctime +2 -exec rm -f {} \;
> 
> -- 
> Paul "TBBle" Hampson, Paul.Hampson at Pobox.com
> 
> Shorter .sig for a more eco-friendly paperless office.



> _______________________________________________
> pkg-horde-hackers mailing list
> pkg-horde-hackers at lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-horde-hackers

-- 
 --------------------- Ola Lundqvist ---------------------------
/  opal at debian.org                     Annebergsslingan 37      \
|  ola at opalsys.net                     654 65 KARLSTAD          |
|  +46 (0)54-10 14 30                  +46 (0)70-332 1551       |
|  http://opalsys.net/                 UIN/icq: 4912500         |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---------------------------------------------------------------