[Pkg-urxvt-maintainers] Bug#654986: urxvt(7) manpage: insecure temporary file handling

Jakub Wilk jwilk at debian.org
Sat Jan 7 17:50:43 UTC 2012


Package: rxvt-unicode
Version: 9.14-1
Tags: security

The urxvt(7) manual page contains examples in which temporary files are 
created insecurely:

1)

| As a rxvt or rxvt-unicode user, you are practically supposed to invest
| time into customising your terminal. To get you started, here is the
| author's .Xdefaults entries, with comments on what they do. It's
| certainly not typical, but what's typical...
|
|    URxvt.cutchars: "()*,<>[]{}|'
|    URxvt.print-pipe: cat >/tmp/xxx

2)

| The correct solution for this problem is to install the terminfo, this
| can be done by simply installing rxvt-unicode on the remote system as
| well (in case you have a nice package manager ready), or you can
| install the terminfo database manually like this (with ncurses infocmp.
| works as user and root):
|
|    REMOTE=remotesystem.domain
|    infocmp rxvt-unicode | ssh $REMOTE "mkdir -p .terminfo && cat >/tmp/ti && tic /tmp/ti"

If a user follows these examples, he'll be exposed to symlink attacks that 
overwrite arbitrary files.

Please correct the examples to create temporary files in a secure 
manner.

-- 
Jakub Wilk
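As an added illustration (not part of the report above and not the urxvt maintainers' fix), the following POSIX shell script reproduces the symlink attack the report describes and contrasts it with the mktemp(1)-based approach it asks for. A throwaway directory created by mktemp -d stands in for /tmp, so nothing outside it is touched; the victim file, the planted symlink and the data written to it are all constructed for the demonstration. The fixed path $SANDBOX/xxx plays the role of the manpage's /tmp/xxx and /tmp/ti.

```shell
#!/bin/sh
# Added example: reproduces the symlink attack from the bug report against a
# fixed path such as /tmp/xxx or /tmp/ti, then shows the mktemp(1) fix.
# A private sandbox directory stands in for /tmp so nothing real is touched;
# the victim file, the planted link and the written data are all constructed.

SANDBOX=$(mktemp -d) || exit 1
trap 'rm -rf "$SANDBOX"' EXIT

VICTIM="$SANDBOX/victim"   # stands in for any file the attacker wants clobbered
FIXED="$SANDBOX/xxx"       # stands in for the predictable /tmp/xxx from the manpage

# Put the sandbox back into its starting state: victim intact, no planted link.
reset_sandbox() {
    rm -f "$FIXED"
    printf 'original contents\n' >"$VICTIM"
}

# Attacker step: anyone who can write to the shared directory pre-creates a
# symlink at the predictable name, pointing at the file they want overwritten.
plant_symlink() {
    ln -s "$VICTIM" "$FIXED"
}

# Insecure pattern (what the manpage examples do): redirect into a fixed path.
# open(2) with O_CREAT|O_TRUNC follows the planted symlink and truncates the victim.
insecure_write() {
    printf 'attacker-controlled data\n' >"$FIXED"
}

# Secure pattern: mktemp(1) creates a file with an unpredictable name using
# O_CREAT|O_EXCL and mode 0600, so a pre-planted symlink cannot be followed
# and the file cannot have been created by someone else. Prints the path.
secure_write() {
    tmp=$(mktemp "$SANDBOX/ti.XXXXXX") || return 1
    printf 'terminfo data\n' >"$tmp"
    printf '%s\n' "$tmp"
}

# Run the insecure pattern with the attacker present; print what the victim holds.
demo_insecure() {
    reset_sandbox
    plant_symlink
    insecure_write
    cat "$VICTIM"
}

# Run the secure pattern with the same attacker present; print what the victim holds.
demo_secure() {
    reset_sandbox
    plant_symlink
    secure_write >/dev/null || return 1
    cat "$VICTIM"
}

# Permission string of a mktemp-created file (first ten columns of ls -l, which
# works on both GNU and BSD userlands): expected -rw-------.
secure_file_mode() {
    tmp=$(secure_write) || return 1
    ls -ld "$tmp" | cut -c1-10
}

printf 'insecure pattern, victim now holds: %s\n' "$(demo_insecure)"
printf 'secure pattern,   victim now holds: %s\n' "$(demo_secure)"
printf 'secure temp file mode:              %s\n' "$(secure_file_mode)"

# The remote example from the manpage rewritten with the same idea (illustration
# only, not the maintainers' fix):
#   infocmp rxvt-unicode | ssh "$REMOTE" \
#     'mkdir -p .terminfo && t=$(mktemp) && cat >"$t" && tic "$t"; rm -f "$t"'
```

The sandbox directory is created mode 0700 and owned by the same user, so the symlink is followed unconditionally. On a real sticky, world-writable /tmp, Linux kernels from 3.6 onward with fs.protected_symlinks enabled refuse to follow a symlink whose owner differs from both the follower and the directory owner, which blocks this particular attack; that mitigation is Linux-specific and can be disabled, so the examples should not rely on it and should use mktemp regardless.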