[Pkg-lustre-maintainers] Bug#496371: Bug#496371: The possibility of attack with the help of symlinks in some Debian packages
Patrick Winnertz
winnie at debian.org
Wed Aug 27 12:26:32 UTC 2008
Hello Dmitry,
Thanks for your test, but atm I have some problems fixing this issue for lustre-tests.
> In some packages I've discovered scripts with errors which may be used
> by a user for damaging important system files or user's files.
>
> For example if a script uses in its work a temp file which is created
> in /tmp directory, then every user can create symlink with the same
> name in this directory in order to destroy or rewrite some system
> or user file. Symlink attack may also lead not only to the data
> destruction but to denial of service as well.
Btw: lustre-tests is a package which contains only binaries for debugging
lustre, and is therefore only needed on very very few systems.
But nevertheless this should be fixed.
I guess the part which is critical is this one:
-----------snip------------------
while date; do
LOOP=`expr $LOOP + 1`
echo "Test #$LOOP"
iozone $VERIFY $ODIR -r $REC -i 0 -i 1 -f $FILE -s $SIZE 2>&1 || exit $?
[ -f endiozone -o $LOOP -ge $COUNT ] && rm -f endiozone && exit 0
done | tee /tmp/iozone.log
------------snap----------------
This small script creates a log of the iozone run in /tmp without checking if
this file exists there. Do you have any hints how to fix this issue?
Greetings
Winnie
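One way to address the fixed /tmp/iozone.log path in the loop quoted above, as an added example that is not part of the original message or the lustre-tests package: the log is created with mktemp instead of a predictable name. The functions run_test, make_log and run_logged are hypothetical names, and run_test stands in for the iozone command line.

```shell
#!/bin/sh
# Added example, not from the lustre-tests package.
# run_test is a hypothetical stand-in for the iozone command line.
run_test() {
    echo "Test #$1"
}

# mktemp picks an unpredictable name and creates the file with O_EXCL and
# mode 0600, so a file or symlink planted in advance under a fixed name
# such as /tmp/iozone.log is never opened.
make_log() {
    mktemp "${TMPDIR:-/tmp}/iozone.XXXXXXXXXX"
}

# Run the loop COUNT times, copy its output to the private log (and to
# stderr for the operator), then print the log path on stdout.
run_logged() {
    count=$1
    log=$(make_log) || return 1
    loop=0
    while [ "$loop" -lt "$count" ]; do
        loop=$((loop + 1))
        run_test "$loop" 2>&1 || exit $?
    done | tee "$log" >&2
    printf '%s\n' "$log"
}

if [ "$#" -gt 0 ]; then
    run_logged "$1"
fi
```

As in the original loop, the pipeline's exit status is that of tee, so a caller that needs the test's own status has to record it separately.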