First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 66400
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Ulrich Müller <ulm@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
ed-0.2-mkstemp.patch ed-0.2-mkstemp.patch patch Ulrich Müller 2004-10-05 03:19 0000 738 bytes Details | Diff
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 66400 depends on: 73858 Show dependency tree
Show dependency graph
Bug 66400 blocks:
Votes: 0    Show votes for this bug    Vote for this bug

Additional Comments: (this is where you put emerge --info)







View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2004-10-05 03:17 0000 
ed-0.2 use "mktemp" to create temporary files.
This problem is known since almost four years, see for example:
http://www.linuxsecurity.com/advisories/redhat_advisory-967.html

| The ed executable creates files in /tmp with predictable
| names. By using various symlink attacks, it is possible to
| have ed write to files it should not, change the permissions 
| of various files, etc.

------- Comment #1 From Ulrich Müller 2004-10-05 03:19:16 0000 ------- 
Created an attachment (id=41133) [edit]
ed-0.2-mkstemp.patch

Patch from LFS.

------- Comment #2 From Marc Vila 2004-10-05 03:34:09 0000 ------- 
seems like we install ed by default in gentoo, so this should be fixed.
also we don

------- Comment #3 From Marc Vila 2004-10-05 03:34:09 0000 ------- 
seems like we install ed by default in gentoo, so this should be fixed.
also we don´t apply any kind of patch to fix this in our ed-0.2-r3

------- Comment #4 From Ulrich Müller 2004-10-05 04:26:17 0000 ------- 
Sorry, should of course have been ed-0.2-r3 in the subject.

------- Comment #5 From Thierry Carrez (RETIRED) 2004-10-05 04:43:28 0000 ------- 
Base-system, please comment and/or apply patch.

------- Comment #6 From SpanKY 2004-10-05 06:00:04 0000 ------- 
0.2-r4 is in portage, lets make it stable

------- Comment #7 From Thierry Carrez (RETIRED) 2004-10-05 06:14:57 0000 ------- 
Arches, please test and mark sys-apps/ed-0.2-r4 stable :
Current KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86"
Target KEYWORDS="x86 ppc sparc mips alpha arm hppa amd64 ia64 ppc64 s390"

------- Comment #8 From Bryan Østergaard (RETIRED) 2004-10-05 07:45:48 0000 ------- 
Stable on alpha.

------- Comment #9 From Olivier Crete 2004-10-05 10:43:22 0000 ------- 
Stable on x86

------- Comment #10 From Gustavo Zacarias (RETIRED) 2004-10-05 15:02:20 0000 ------- 
sparc tasty.

------- Comment #11 From SpanKY 2004-10-05 15:46:05 0000 ------- 
arm/hppa/ia64/s390 have been loved

------- Comment #12 From Jochen Maes (RETIRED) 2004-10-06 01:16:02 0000 ------- 
stable on ppc

------- Comment #13 From Jeremy Huddleston 2004-10-07 14:45:25 0000 ------- 
stable amd64

------- Comment #14 From SpanKY 2004-10-07 18:45:07 0000 ------- 
mips stable

------- Comment #15 From Thierry Carrez (RETIRED) 2004-10-09 11:20:18 0000 ------- 
GLSA 200410-07
ppc64 : don't forget to mark stable to benefit from GLSA

------- Comment #16 From Tom Gall 2004-10-09 20:07:02 0000 ------- 
stable on ppc64, thanks!

------- Comment #17 From Robin Johnson 2004-12-21 17:20:03 0000 ------- 
security: please see bug #73858. This security fix of yours has broken ed.

------- Comment #18 From Thierry Carrez (RETIRED) 2004-12-22 04:23:00 0000 ------- 
Well, it's not "our fix". vapier applied a patch (originally from LFS) on
behalf of the base-system herd. But we can try to help in determining a more
appropriate patch.

------- Comment #19 From Raphael Marichez 2007-01-23 13:53:22 0000 ------- 
*** Bug 163220 has been marked as a duplicate of this bug. ***
First Last Prev Next    No search results available      Search page      Enter new bug