Bug#: 159544
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Vic Fryzel (shellsage) (RETIRED) <shellsage@gentoo.org>

Description:   Opened: 2006-12-31 02:05 0000
The file mol-pciproxy-dump.patch distributed with app-emulation/mol needs to
include the O_EXCL flag on line 273 to avoid writing to already existing files,
including symlinks.  See `man 2 open`.  This could potentially allow for the
overwriting of arbitrary files upon installation of app-emulation/mol.  Note
that all instances of this package are masked, but I thought I would report it
anyway.
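
The `open(2)` behaviour the report refers to, as an added example that is not part of the original report or of mol-pciproxy-dump.patch: the same write-open is tried with and without `O_EXCL` against a pre-planted symlink. The function names, file names and the scratch directory under `/tmp` are constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a dump file for writing. With excl set, open() fails with EEXIST when
 * the path already exists, and a symlink in the last component is not followed. */
static int open_dump(const char *path, int excl)
{
    return open(path, O_WRONLY | O_CREAT | (excl ? O_EXCL : O_TRUNC), 0600);
}

/* Constructed scenario: a scratch directory holds "victim" (9 bytes) and a
 * symlink "dump" -> "victim" planted before the writer runs. Returns victim's
 * size after the open attempt (-1 on setup error); *open_errno gets errno from
 * open_dump(), or 0 if it succeeded. */
long demo(int excl, int *open_errno)
{
    char dir[] = "/tmp/oexcl-demo-XXXXXX", victim[64], dump[64];
    struct stat st;
    int fd;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(dump, sizeof dump, "%s/dump", dir);
    fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "important", 9) != 9) return -1;
    close(fd);
    if (symlink(victim, dump) != 0) return -1;
    fd = open_dump(dump, excl);
    *open_errno = fd < 0 ? errno : 0;
    if (fd >= 0) close(fd);

    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(dump); unlink(victim); rmdir(dir);
    return size;
}

int main(void)
{
    int e;
    long size = demo(0, &e);
    printf("without O_EXCL: errno=%d, victim size=%ld\n", e, size);
    size = demo(1, &e);
    printf("with O_EXCL:    errno=%d, victim size=%ld\n", e, size);
    return 0;
}
```

Without `O_EXCL` the open succeeds through the symlink and the existing file is truncated; with it, the open is refused and the file is left untouched.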

------- Comment #1 From Joe Jezak 2007-01-01 13:43:18 0000 -------
I think I'd rather just remove the patch, it's of limited use to most people
anyway (it was originally written to allow reverse engineering PCI devices
through MOL).

I'll remove it and add a version bump (it isn't masked on ppc).  Would that be
okay with security?

------- Comment #2 From Sune Kloppenborg Jeppesen 2007-01-06 12:34:17 0000 -------
Yeah a new fixed and stable version would be sufficient.

------- Comment #3 From Joe Jezak 2007-01-08 22:07:00 0000 -------
Fixed in CVS, I'm not sure if security wants to do anything else for this bug,
so I'll leave it open.

Thanks!

------- Comment #4 From Sune Kloppenborg Jeppesen 2007-01-09 08:23:11 0000 -------
Thx Joe.

Security, this one is ready for GLSA decision.

I tend to vote NO.

------- Comment #5 From Vic Fryzel (shellsage) (RETIRED) 2007-01-09 11:23:16 0000 -------
I vote no.

------- Comment #6 From Stefan Cornelius (RETIRED) 2007-01-09 11:44:26 0000 -------
no and closing. thanks
