Bug 68406 - sys-fs/lvm-user: Insecure tmpfile use
Bug#: 68406 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: All Status: RESOLVED Severity: minor Priority: P1
Resolution: FIXED Assigned To: security@gentoo.org Reported By: koon@gentoo.org
Component: Vulnerabilities
URL:  http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136308
Summary: sys-fs/lvm-user: Insecure tmpfile use
Keywords:  
Status Whiteboard: B3 [glsa] koon
Opened: 2004-10-21 07:58 0000
Description:   Opened: 2004-10-21 07:58 0000 
CAN-2004-0972

The lvmcreate_initrd script in the lvm package in Trustix Secure Linux
1.5 through 2.1, and possibly other operating systems, allows local
users to overwrite files via a symlink attack on temporary files.

------- Comment #1 From Thierry Carrez (RETIRED) 2004-10-21 08:06:58 0000 ------- 
Created an attachment (id=42316) [details]
Patch from RedHat bug

Patch from RedHat

------- Comment #2 From Thierry Carrez (RETIRED) 2004-10-22 08:11:11 0000 ------- 
We have two lvm packages in our tree, lvm-user for LVM 1.* and lvm2 for LVM
2.*. The script is only in LVM 1.* releases. So we should either remove the
package or fix it :)

------- Comment #3 From Thierry Carrez (RETIRED) 2004-10-30 09:27:54 0000 ------- 
base-system: please either fix this or remove lvm-user altogether. I'm sure you
prefer we don't mess with it ourselves :)

------- Comment #4 From Matthias Geerdsen 2004-11-02 02:39:43 0000 ------- 
Debian bug report: 
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=279229>

Diff from Ubuntu Linux (full diff to orig package including typical Debian stuff): <http://security.ubuntu.com/ubuntu/pool/main/l/lvm10/lvm10_1.0.8-4ubuntu1.1.diff.gz>

------- Comment #5 From Thierry Carrez (RETIRED) 2004-11-05 06:12:26 0000 ------- 
Patch in attachment applies cleanly to lvm-user-1.0.7-r1.

------- Comment #6 From SpanKY 2004-11-09 21:56:56 0000 ------- 
1.0.7-r2 is in portage with the fix

------- Comment #7 From Sune Kloppenborg Jeppesen 2004-11-09 23:03:08 0000 ------- 
Arches please mark stable.

------- Comment #8 From Gustavo Zacarias (RETIRED) 2004-11-10 04:48:05 0000 ------- 
What stable? vapier bumped every one to stable directly...

------- Comment #9 From Thierry Carrez (RETIRED) 2004-11-10 04:58:18 0000 ------- 
Sune obviously needs some rest :) Sorry for the inconvenience...

------- Comment #10 From Sune Kloppenborg Jeppesen 2004-11-11 13:28:57 0000 ------- 
GLSA 200411-22