Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 103568 - sys-apps/lm_sensors Insecure temp file creation
Summary: sys-apps/lm_sensors Insecure temp file creation
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: http://archives.neohapsis.com/archive...
Whiteboard: B3 [glsa] jaervosz
Keywords:
Depends on:
Blocks:
 
Reported: 2005-08-24 02:25 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2005-08-30 07:58 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
lm-sensors.diff (lm-sensors.diff,988 bytes, patch)
2005-08-24 07:20 UTC, Thierry Carrez (RETIRED) 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-08-24 02:25:47 UTC 
Javier Fern
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-08-24 02:25:47 UTC 
Javier Fernández-Sanguino Peña reports ath the pwmconfig script creates the 
temp file /tmp/fancontrol insecurely.
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-08-24 07:20:35 UTC 
Created attachment 66752 [details, diff]
lm-sensors.diff

Patch from Ubuntu.
Comment 3 Henrik Brix Andersen 2005-08-24 07:31:23 UTC 
Has this patch been submitted upstream? It's not present in current CVS HEAD.
Comment 4 Henrik Brix Andersen 2005-08-24 07:41:01 UTC 
Oh, sorry - it _is_ present is CVS HEAD.

I'll prepare a new ebuild.
Comment 5 Henrik Brix Andersen 2005-08-24 07:48:13 UTC 
Fixed in sys-apps/lm_sensors-2.9.1-r1.

I'll mark it stable on x86 within the next 24 hours if no additional bugs are
reported.
Comment 6 Henrik Brix Andersen 2005-08-24 15:34:53 UTC 
Stable on x86.
Comment 7 Olivier Crete (RETIRED) gentoo-dev 2005-08-24 16:40:00 UTC 
amd64 done
Comment 8 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-08-25 11:26:28 UTC 
Stable on ppc.
Comment 9 Henrik Brix Andersen 2005-08-26 03:25:30 UTC 
Ready for GLSA?
Comment 10 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-08-26 03:34:11 UTC 
Thx for the reminder Brix. 
 
Ready for GLSA vote, I tend to vote NO.
Comment 11 Thierry Carrez (RETIRED) gentoo-dev 2005-08-26 05:53:54 UTC 
I tend to vote YES, as this is typically run by root.
Comment 12 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-08-26 07:19:34 UTC 
Forgot about that reversing my vote to YES.
Comment 13 Stefan Cornelius (RETIRED) gentoo-dev 2005-08-27 02:33:22 UTC 
as it's run as root, i vote yes.
Comment 14 Tavis Ormandy (RETIRED) gentoo-dev 2005-08-27 02:36:33 UTC 
agree with Koon, vote YES
Comment 15 Thierry Carrez (RETIRED) gentoo-dev 2005-08-30 07:58:15 UTC 
GLSA 200508-19