Bug#: 146903
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo's Team for Core System packages <base-system@gentoo.org>
Reporter: throw_away_2002@yahoo.com

Description:   Opened: 2006-09-08 22:53 0000
I don't know if this represents something harmless, or a little more important
(maybe even a possible security problem), so I left the priority and severity
at the default levels, but emerging sys-fs/e2fsprogs-1.39 (the current latest
stable version) creates and leaves a file called sed.script in /tmp (owned by
root:root). The contents of the file:

/^#/d
/^$/d
s/__extension__ //
s/typedef \(.*\) __u\([1-9]*\);/#define __U\2_TYPEDEF \1/
s/typedef \(.*\) __s\([1-9]*\);/#define __S\2_TYPEDEF \1/

I don't know much about sed (and not much about problems that lead to security
issues), but I thought that creating files in /tmp with known names provided an
opportunity for mischief.

Thanks.

------- Comment #1 From SpanKY 2006-09-09 03:26:56 0000 -------
ugh, what an ugly little piece of code that generates this garbage

thanks for the bug report, should be fixed in cvs now
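
Added example, not part of the bug thread and not e2fsprogs code: one way a build step can run the sed script quoted in the report from a private, randomly named file created with mktemp instead of a fixed /tmp/sed.script, and remove it afterwards. The function names and the sample header are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not the e2fsprogs build code).

# Constructed sample input resembling a generated types header.
sample_header() {
    cat <<'EOF'
# generated
typedef unsigned char __u8;

__extension__ typedef long long __s64;
EOF
}

# Write the sed program quoted in the report to the file named by $1.
write_sed_script() {
    cat > "$1" <<'EOF'
/^#/d
/^$/d
s/__extension__ //
s/typedef \(.*\) __u\([1-9]*\);/#define __U\2_TYPEDEF \1/
s/typedef \(.*\) __s\([1-9]*\);/#define __S\2_TYPEDEF \1/
EOF
}

# Filter stdin through the sed program without a predictable temp path.
# mktemp creates the file exclusively, mode 0600, under a random name, so a
# file or symlink planted in advance at a guessed name is never written to.
filter_types() {
    script=$(mktemp "${TMPDIR:-/tmp}/sedscript.XXXXXX") || return 1
    write_sed_script "$script"
    rc=0
    sed -f "$script" || rc=$?
    rm -f "$script"          # leave nothing behind, even if sed failed
    return $rc
}

# Demo run on the constructed header.
sample_header | filter_types
```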
