146903 – sys-fs/e2fsprogs-1.39 creates (and leaves) a file sed.script in /tmp

Bug 146903 - sys-fs/e2fsprogs-1.39 creates (and leaves) a file sed.script in /tmp

Summary: sys-fs/e2fsprogs-1.39 creates (and leaves) a file sed.script in /tmp

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	All Linux

Importance:	High trivial (vote)
Assignee:	Gentoo's Team for Core System packages

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2006-09-08 22:53 UTC by ta2002
Modified:	2006-09-09 03:26 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description ta2002 2006-09-08 22:53:19 UTC

I don't know if this represents something harmless, or a little more important (maybe even a possible security problem), so I left the priority and severity at the default levels, but emerging sys-fs/e2fsprogs-1.39 (the current latest stable version) creates and leaves a file called sed.script in /tmp (owned by root:root). The contents of the file:

/^#/d
/^$/d
s/__extension__ //
s/typedef \(.*\) __u\([1-9]*\);/#define __U\2_TYPEDEF \1/
s/typedef \(.*\) __s\([1-9]*\);/#define __S\2_TYPEDEF \1/

I don't know much about sed (and not much about problems that lead to security issues), but I thought that creating files in /tmp with known names provided an opportunity for mischief.

Thanks.

Comment 1 SpanKY gentoo-dev

2006-09-09 03:26:56 UTC

ugh, what an ugly little piece of code that generates this garbage

thanks for the bug report, should be fixed in cvs now