[Secure-testing-team] Bug#498899: Insecure use of temporary files

Jan Hauke Rahm info at jhr-online.de
Sun Sep 14 11:05:08 UTC 2008


Package: python2.4-examples
Version: 2.4.5-5
Severity: grave
Tags: security patch

Hi Matthias,

in your script "Tools/faqwiz/move-faqwiz.sh" you use $RANDOM to create a
temporary file. This is very insecure and should be replaced by mktemp.

The following patch tries to solve that and beyond that solves your
bashism bug #489648.

Please test the patch thoroughly and upload ASAP if appropriate.

Cheers,
Hauke

*** bashandtmp.patch
diff -Naur python2.4-2.4.5~/Tools/faqwiz/move-faqwiz.sh python2.4-2.4.5/Tools/faqwiz/move-faqwiz.sh
- --- python2.4-2.4.5~/Tools/faqwiz/move-faqwiz.sh	2008-09-14 12:36:45.000000000 +0200
+++ python2.4-2.4.5/Tools/faqwiz/move-faqwiz.sh	2008-09-14 12:40:44.000000000 +0200
@@ -9,7 +9,7 @@
 #   blackjesus:~> ./move-faqwiz.sh 2\.1 3\.2
 #   Moving FAQ question 02.001 to 03.002
 
- -if [ x$2 == x ]; then
+if [ x$2 = x ]; then
     echo "Need 2 args: original_version final_version."
     exit 2
 fi
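Review bot: `[ x$2 = x ]` is correct POSIX and removes the `==` bashism, but `$2` is still unquoted, so an argument containing whitespace or a glob character turns the test into a syntax error or a multi-word comparison; `[ -z "$2" ]` (or `[ "x$2" = x ]`) fixes both in one go.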
@@ -19,7 +19,7 @@
     exit 2
 fi
 
- -function cut_n_pad() {
+cut_n_pad () {
     t=`echo $1 | cut -d. -f $2`
     export $3=`echo $t | awk "{ tmp = \\$0; l = length(tmp); for (i = 0; i < $2-l+1; i++) { tmp = "0".tmp } print tmp  }"`
 }
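Review bot: dropping the `function` keyword is the right fix for dash and the body runs unchanged under it; the one leftover fragility is the unquoted `$1` in `t=`echo $1 | cut -d. -f $2``, which word-splits and globs a version string containing spaces or `*`, so quote it as `"$1"` while this function is being touched.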
@@ -28,7 +28,7 @@
 cut_n_pad $1 2 suffix1
 cut_n_pad $2 1 prefix2
 cut_n_pad $2 2 suffix2
- -tmpfile=tmp$RANDOM.tmp
+tmpfile=`mktemp`
 file1=faq$prefix1.$suffix1.htp
 file2=faq$prefix2.$suffix2.htp
 
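Review bot: the exit status of `mktemp` is not checked, and a bare `mktemp` creates the file under $TMPDIR rather than beside file1/file2 in the current directory as the old `tmp$RANDOM.tmp` did, so a rename through it may now cross a filesystem boundary, and if mktemp fails `$tmpfile` is empty and the later commands operate on an empty name. Suggest `tmpfile=`mktemp ./tmp.XXXXXX` || exit 1` together with `trap 'rm -f "$tmpfile"' EXIT` so an interrupted run leaves nothing behind.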


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (700, 'testing'), (600, 'unstable'), (500, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
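For reference, the temp-file pattern the report argues for, written out as a POSIX sh fragment. This is an added example, not code from the bug report or from the python2.4 package; the function names and the `faqmove.XXXXXX` template are my own, and it assumes a mktemp(1) that accepts a template argument.

```sh
#!/bin/sh
# Added example, not from the bug report or the python2.4 package: the
# temp-file handling move-faqwiz.sh should use in place of tmp$RANDOM.tmp.
# Assumes a POSIX sh (dash or bash) and a mktemp(1) that accepts a template.

# Create the temporary file in the directory given as $1 (the FAQ files'
# own directory in the real script, so a later mv stays local) instead of
# wherever a bare `mktemp` would put it. mktemp creates the file with
# mode 0600 and refuses to reuse an existing name, unlike tmp$RANDOM.tmp.
make_tmpfile() {
    dir=${1:-.}
    tmpfile=`mktemp "$dir/faqmove.XXXXXX"` || return 1
    # Belt and braces: what came back must be a regular file, not a link
    # somebody planted under a guessable name.
    [ -f "$tmpfile" ] && [ ! -L "$tmpfile" ] || return 1
    printf '%s\n' "$tmpfile"
}

# Portable replacement for `[ x$2 == x ]`: no bashism, and arguments
# containing spaces do not break the test.
need_two_args() {
    [ -n "$1" ] && [ -n "$2" ]
}

# Walk through the pattern once: create, verify the 0600 mode the
# unpatched script never guaranteed, then remove the file via a trap so
# it does not survive an interrupted run.
demo() {
    f=`make_tmpfile "$1"` || return 1
    trap 'rm -f "$f"' EXIT HUP INT TERM
    perms=`ls -ld "$f" | cut -c1-10`
    [ "$perms" = "-rw-------" ] || return 1
    rm -f "$f"
    trap - EXIT HUP INT TERM
}
```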
