Bug#: 146903
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo's Team for Core System packages <base-system@gentoo.org>
Reporter: throw_away_2002@yahoo.com

Description:   Opened: 2006-09-08 22:53 0000
I don't know if this represents something harmless, or a little more important
(maybe even a possible security problem), so I left the priority and severity
at the default levels, but emerging sys-fs/e2fsprogs-1.39 (the current latest
stable version) creates and leaves a file called sed.script in /tmp (owned by
root:root). The contents of the file:

/^#/d
/^$/d
s/__extension__ //
s/typedef \(.*\) __u\([1-9]*\);/#define __U\2_TYPEDEF \1/
s/typedef \(.*\) __s\([1-9]*\);/#define __S\2_TYPEDEF \1/

I don't know much about sed (and not much about problems that lead to security
issues), but I thought that creating files in /tmp with known names provided an
opportunity for mischief.

Thanks.

------- Comment #1 From SpanKY 2006-09-09 03:26:56 0000 -------
ugh, what an ugly little piece of code that generates this garbage

thanks for the bug report, should be fixed in cvs now
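
The concern in the report, a root-owned file written to a fixed, guessable path in /tmp, goes away when the script is generated inside a private directory from `mktemp -d` and removed afterwards. The following is an added example, not the e2fsprogs or Gentoo fix; the function names `gen_typedefs` and `sample_input` and the sample typedef lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: run the sed script from the report out of a private,
# unpredictably named temp directory instead of a fixed /tmp/sed.script.

# gen_typedefs (hypothetical name): reads C typedef lines on stdin and
# writes the #define lines that the reported sed script produces.
gen_typedefs() {
    # mktemp -d atomically creates a mode-0700 directory with a random
    # suffix, so a file or symlink planted at a guessed name is never used.
    workdir=$(mktemp -d "${TMPDIR:-/tmp}/typedefs.XXXXXXXXXX") || return 1
    script="$workdir/sed.script"

    # Quoted heredoc delimiter: the shell expands nothing inside the script.
    cat > "$script" <<'EOF'
/^#/d
/^$/d
s/__extension__ //
s/typedef \(.*\) __u\([1-9]*\);/#define __U\2_TYPEDEF \1/
s/typedef \(.*\) __s\([1-9]*\);/#define __S\2_TYPEDEF \1/
EOF

    sed -f "$script"
    rc=$?
    rm -rf "$workdir"   # leave nothing behind, unlike the reported build
    return $rc
}

# Constructed sample input resembling preprocessed type definitions.
sample_input() {
    cat <<'EOF'
# 1 "types.h"

__extension__ typedef unsigned long long __u64;
typedef unsigned char __u8;
typedef short __s16;
EOF
}

sample_input | gen_typedefs
```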
