Bug 114499 - sys-apps/texinfo: patch for insecure temporary file creation changes texindex behavior
Bug#: 114499
Product: Gentoo Linux
Version: unspecified
Platform: All
OS/Version: Linux
Status: RESOLVED
Severity: normal
Priority: P2
Resolution: FIXED
Assigned To: base-system@gentoo.org
Reported By: jaervosz@gentoo.org
Component: Core system
Opened: 2005-12-04 22:06 0000
Seems like there might be problems with the patch on bug #106105.
It looks like the fix for CAN-2005-3011 (texinfo predictable temporary
files issue) being used by ubuntu and others is incorrect (see below).
Does anyone have a better and/or officially blessed (does texinfo have
a maintainer?) patch for this?
Colin Percival
-------- Original Message --------
Subject: [csjp@FreeBSD.org: Re: Ubuntu patch for texinfo (CAN-2005-3011)]
Date: Sat, 3 Dec 2005 19:11:12 +0000
From: Christian S.J. Peron <csjp@freebsd.org>
To: secteam@freebsd.org
Colin / team
I sent this message to Martin Pitt a while ago, but I have not received
any response. Who owns texinfo?
I am sure we can roll our own fix but I would rather whoever maintains this
program provide a security fix.
Any ideas?
----- Forwarded message from "Christian S.J. Peron" <csjp@FreeBSD.org> -----
From: "Christian S.J. Peron" <csjp@FreeBSD.org>
To: martin.pitt@canonical.com
Date: Sun, 13 Nov 2005 05:43:34 +0000
Subject: Re: Ubuntu patch for texinfo (CAN-2005-3011)
On Thu, 06 Oct 2005, Martin Pitt wrote:
> Since the previously proposed patch is very intrusive and not really
> appropriate for a security update, I created my own minimal patch:
>
> http://patches.ubuntu.com/patches/texinfo.CAN-2005-3011.diff
After discussing this fix with some of my colleagues, it appears that
your fix makes it impossible to unlink the temporary files.
    void
    flush_tempfiles (int to_count)
    {
      if (keep_tempfiles)
        return;
      while (last_deleted_tempcount < to_count)
        unlink (maketempname (++last_deleted_tempcount));
    }
flush_tempfiles would result in texindex exiting via EEXIST, because now
maketempname actually creates the files with the O_EXCL flag. Although
this fixes the race condition, it changes the behavior of the program.
Was this intentional or am I missing something here?
--
Christian S.J. Peron
csjp@FreeBSD.ORG
FreeBSD Committer
FreeBSD Security Team
----- End forwarded message -----
--
Christian S.J. Peron
csjp@FreeBSD.ORG
FreeBSD Committer
FreeBSD Security Team
http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/texinfo/
texinfo-4.8-owl-texindex-tmp.diff is our current patch. Older versions
of it (for older versions of texinfo) may be found in the Attic.
Originally, this was a part of texinfo-4.0-owl-tmp.diff, which I entered
with this comment:
* Wed Jan 03 2001 Solar Designer <solar-at-owl.openwall.com>
- Patch to create temporary files safely.
- Give offline sorting in texindex a chance to work (fixed a bug in there;
did anyone ever test that code, it certainly looks like not).
This patch has the disadvantage of producing a spurious link-time warning
about mktemp() (although the surrounding code makes this call safe).
This is because we still had glibc 2.1.3 at the time. This should be
updated to use mkdtemp() now (the change is trivial).
--
/sd
Ccing vapier so that he double-checks Gentoo's status on this.
vapier: any hint on our vulnerability status here?
We use a patch based on Martin Pitt's one.
Apparently it would be better to use the patch from Openwall, which I'll attach
here.
Note that this is not a security issue, since Martin Pitt's patch solves the
security problem; it just changes the way texindex is supposed to work, so it
would be a bug.
4.8-r3 uses the patch here
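
The behaviour change discussed in this thread, as an added example (not texinfo, Ubuntu or Openwall code): a helper that both names and creates a file with O_EXCL fails with EEXIST when it is called again at cleanup time, while a pure name generator inside a directory made with mkdtemp() can be reused for unlink(). The function names and the /tmp/txidemo prefix are hypothetical, and the private-directory layout is an assumption based on the mkdtemp() remark above.

```c
/* Added illustration, not texinfo or Openwall code; all names are hypothetical. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* exposes mkdtemp() under strict -std= modes */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

static char tmpdir[64];          /* private directory created by mkdtemp() */

/* Pure name generator: no side effects, so cleanup code may call it again. */
static const char *temp_name(int n)
{
    static char buf[128];
    snprintf(buf, sizeof buf, "%s/sort%d", tmpdir, n);
    return buf;
}

/* The shape the thread objects to: looking up a name also creates the file. */
static const char *name_and_create(int n)
{
    int fd = open(temp_name(n), O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return NULL;             /* second call for the same n: errno == EEXIST */
    close(fd);
    return temp_name(n);
}

/* Returns 0 when the combined helper fails with EEXIST on re-use and the
   pure generator still lets the file and directory be removed. */
int demo(void)
{
    strcpy(tmpdir, "/tmp/txidemo.XXXXXX");
    if (mkdtemp(tmpdir) == NULL) return 1;     /* mode 0700, unpredictable name */
    if (name_and_create(1) == NULL) return 2;  /* first call creates the file */
    errno = 0;
    if (name_and_create(1) != NULL) return 3;  /* cleanup-style second call */
    if (errno != EEXIST) return 4;
    if (unlink(temp_name(1)) != 0) return 5;   /* name only: unlink succeeds */
    if (rmdir(tmpdir) != 0) return 6;
    return 0;
}

int main(void) { int r = demo(); printf("demo() = %d\n", r); return r; }
```
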