First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 96192
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Alastair Tse (RETIRED) <liquidx@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: solar <solar@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:

Filename Description Type Creator Created Size Actions
rpm2targz.diff rpm2targz.diff patch solar 2005-06-15 10:07 0000 3.85 KB Details | Diff
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 96192 depends on: Show dependency tree
Bug 96192 blocks:
Votes: 0    Show votes for this bug    Vote for this bug

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2005-06-15 10:06 0000 
rpm2targz uses the mcookie app for tmpdir file handling. This mcookie 
program is ment to be used on files vs dirs and rpm2targz is using it
for dir handling without really any error checking. 
I think all of that can lead us to some pretty nice race condition bugs.

I'm not sure if this should be classed as a security problem or not so I'm 
assigning it to you for now with secuirty on the CC:

------- Comment #1 From solar 2005-06-15 10:07:42 0000 ------- 
Created an attachment (id=61287) [edit]
rpm2targz.diff

Attached local patch I'm using now.

------- Comment #2 From Alastair Tse (RETIRED) 2005-06-25 05:41:58 0000 ------- 
thanks for the patch solar, i've committed it to rpm2targz-9.0-r3. security
hasn't said anything about this 
being a major problem, so i've marked it ~x86 for now, but i'll fast track it
if security thinks it is necessary.

------- Comment #3 From Alastair Tse (RETIRED) 2005-07-06 02:43:12 0000 ------- 
i'm marking the new version of rpm2targz stable for x86. closing for now.
First Last Prev Next    No search results available      Search page      Enter new bug