[Secure-testing-team] Bug#507482: Insecure tmpdir creation?!
Loïc Minier
lool at dooz.org
Mon Dec 1 17:51:22 UTC 2008
Package: devscripts
Version: 2.10.41
Severity: normal
Tags: security
Hi
I don't know how exploitable tmp dirs with debsign's files are,
probably not much, but this could be avoided:
dosigning() {
# Do we have to download the changes file?
if [ -n "$remotehost" ]
then
cd ${TMPDIR:-/tmp}
if [ ! -d "debsign.$$" ]
then
mkdir debsign.$$ || { echo "$PROGNAME: Can't mkdir!" >&2; exit 1; }
fi
trap "cleanup_tmpdir" 0 1 2 3 7 10 13 15
cd debsign.$$
Please don't use $$, also I think it'd be best to setup the clean hook
before creating the dir.
Something like:
tmp_dir=""
cleanup() {
if [ -n "$tmp_dir" ]; then
rm -rf "$tmp_dir"
fi
}
trap "cleanup" 0 1 2 3 9 11 13 15
tmp_dir="$(mktemp -dt "debsign.XXXXXXXXXX")"
Cheers
--
Loïc Minier
More information about the Secure-testing-team
mailing list