From 443bdd8c3d6c92a0ad2d5f6da0aaead992e50f0d Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Mon, 11 Jun 2012 10:55:33 +0100 Subject: [PATCH 1/2] CVE-2012-3345: write ioq3.pid to home path, not temp directory On a multi-user system, an attacker could create a symbolic link /tmp/ioq3.pid pointing to any file owned by a user who plays an ioquake3-based game. When the victim runs ioquake3, the target file will be overwritten and replaced with the process ID of ioquake3. To avoid this, write the pid to the home path (e.g. ~/.q3a on Unix). Signed-off-by: Simon McVittie --- code/sys/sys_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code/sys/sys_main.c b/code/sys/sys_main.c index ed00b65..dae8e8f 100644 --- a/code/sys/sys_main.c +++ b/code/sys/sys_main.c @@ -140,7 +140,7 @@ Sys_PIDFileName */ static char *Sys_PIDFileName( void ) { - return va( "%s/%s", Sys_TempPath( ), PID_FILENAME ); + return va( "%s/%s", Sys_DefaultHomePath( ), PID_FILENAME ); } /* -- 1.7.10