Bug 96192 - not so secure tmpfile handling in rpm2targz
Summary: not so secure tmpfile handling in rpm2targz
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All All
Importance: High normal
Assignee: Alastair Tse (RETIRED)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-06-15 10:06 UTC by solar (RETIRED)
Modified: 2005-07-06 02:43 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Attachments
rpm2targz.diff (rpm2targz.diff,3.85 KB, patch)
2005-06-15 10:07 UTC, solar (RETIRED)

Description solar (RETIRED) gentoo-dev 2005-06-15 10:06:17 UTC
rpm2targz uses the mcookie app for tmpdir file handling. This mcookie
program is meant to be used on files vs dirs and rpm2targz is using it
for dir handling without really any error checking.
I think all of that can lead us to some pretty nice race condition bugs.

I'm not sure if this should be classed as a security problem or not so I'm
assigning it to you for now with security on the CC:
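
The class of problem described above, shown as an added example that is not rpm2targz's code and not the attached patch: a work directory whose creation is never checked, next to two checked ways of creating it. The function names, the `cookie123` token (standing in for mcookie output) and the `rpm2targz.XXXXXX` template are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration; constructed, not rpm2targz's code or the attached patch.

# Unchecked pattern: build a name from a random token (standing in for the
# mcookie output), run mkdir, discard the result and carry on. If the path
# already exists, the caller ends up working inside someone else's directory.
unchecked_workdir() {            # $1 = parent dir, $2 = name token
    dir="$1/$2"
    mkdir "$dir" 2>/dev/null || :    # failure discarded
    printf '%s\n' "$dir"
}

# Same naming, but mkdir's exit status is honoured. mkdir without -p fails on
# any existing path (directory, file or symlink), and umask 077 keeps the new
# directory private to the caller.
checked_mkdir() {                # $1 = parent dir, $2 = name token
    dir="$1/$2"
    ( umask 077 && mkdir "$dir" ) 2>/dev/null || return 1
    printf '%s\n' "$dir"
}

# mktemp -d picks the name and creates the directory (mode 0700) in one step.
mktemp_workdir() {               # $1 = parent dir
    dir=$(mktemp -d "$1/rpm2targz.XXXXXX") || return 1
    printf '%s\n' "$dir"
}

# Constructed scenario: the chosen name already exists before the script runs.
demo() {
    parent=$(mktemp -d) || return 1
    mkdir "$parent/cookie123" && : > "$parent/cookie123/planted"
    u=$(unchecked_workdir "$parent" cookie123)
    [ -e "$u/planted" ] && echo "unchecked: reused existing $u"
    if c=$(checked_mkdir "$parent" cookie123); then
        echo "checked mkdir: created $c"
    else
        echo "checked mkdir: refused, name already exists"
    fi
    m=$(mktemp_workdir "$parent") && echo "mktemp -d: fresh directory $m"
    rm -rf "$parent"
}

demo
```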
Comment 1 solar (RETIRED) gentoo-dev 2005-06-15 10:07:42 UTC
Created attachment 61287
rpm2targz.diff

Attached local patch I'm using now.
Comment 2 Alastair Tse (RETIRED) gentoo-dev 2005-06-25 05:41:58 UTC
Thanks for the patch solar, I've committed it to rpm2targz-9.0-r3. Security hasn't said anything about this being a major problem, so I've marked it ~x86 for now, but I'll fast track it if security thinks it is necessary.
Comment 3 Alastair Tse (RETIRED) gentoo-dev 2005-07-06 02:43:12 UTC
I'm marking the new version of rpm2targz stable for x86. Closing for now.