
Bug 104565

Summary: app-admin/gtkdiskfree <= 1.9.3 unsecure tmp file creation
Product: Gentoo Security
Reporter: Romang <zataz>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---
Attachments: temp file fix (flags: none)

Description Romang 2005-09-02 02:16:40 UTC
Hello,

Take a look at : src/mount.h

#define TUBE_NAME                "/tmp/gtkdiskfree"

Then to : src/mount.c

open_cmd_tube (const gchar *cmd, const gchar *mount_point)
{
        gint status;
        gchar error[MAXLINE], *line;
        FILE *sh, *tmp;

        setbuf(stdout, error);
        line = g_strconcat(cmd, " ", mount_point, " &> ", TUBE_NAME, NULL);
        sh = popen(line, "r");
        g_free(line);

        status = pclose(sh);

        if (status == 0) {
                remove(TUBE_NAME);
                gui_list_main_update(GTK_TREE_VIEW(list_treeview));

                return;
        } else {
                if ((tmp = fopen(TUBE_NAME, "r")) == NULL) {
                        gui_list_main_update(GTK_TREE_VIEW(list_treeview));

                        return;
                }
                if (fgets(error, MAXLINE-1, tmp) == NULL) {
                        fclose(tmp);
                        remove(TUBE_NAME);
                        gui_list_main_update(GTK_TREE_VIEW(list_treeview));

                        return;
                }
                fclose(tmp);
                remove(TUBE_NAME);
                error_window(error);
        }
        gui_list_main_update(GTK_TREE_VIEW(list_treeview));

        return;
}

Regards
Comment 1 Tavis Ormandy (RETIRED) gentoo-dev 2005-09-02 05:12:37 UTC
Yes, obvious bug.

He doesn't need a temp file to do that, popen returns a stream anyway, suggested
quick fix attached.
Comment 2 Tavis Ormandy (RETIRED) gentoo-dev 2005-09-02 05:12:58 UTC
Created attachment 67471 [details, diff]
temp file fix
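
Added example, not part of the original bug thread and not the attached patch: a minimal C sketch of the approach Comment 1 describes, reading the command's output directly from the popen() stream instead of redirecting it to the fixed path /tmp/gtkdiskfree. The helper name run_cmd_capture and the sample command are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>

/*
 * Hypothetical helper (not gtkdiskfree code).
 * Runs cmdline through the shell with stderr merged into stdout and copies
 * the first line of output into first_line, reading it straight from the
 * popen() stream. No file is created, so there is no predictable name in
 * /tmp for another local user to pre-create.
 * Returns the command's exit status, or -1 if it could not be run.
 */
int run_cmd_capture(const char *cmdline, char *first_line, size_t len)
{
    char discard[512];
    size_t n = strlen(cmdline) + sizeof("() 2>&1");
    char *full;
    FILE *sh;
    int status;

    if (len == 0)
        return -1;
    first_line[0] = '\0';

    full = malloc(n);
    if (full == NULL)
        return -1;
    snprintf(full, n, "(%s) 2>&1", cmdline);  /* POSIX sh; "&>" is a bashism */
    sh = popen(full, "r");
    free(full);
    if (sh == NULL)
        return -1;

    if (fgets(first_line, (int)len, sh) != NULL)          /* keep first line */
        while (fgets(discard, sizeof discard, sh) != NULL)
            ;                                             /* drain the rest */

    status = pclose(sh);
    return (status != -1 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char err[256];
    /* Constructed command standing in for a failing mount/umount call. */
    int rc = run_cmd_capture("echo 'constructed: not mounted' >&2; exit 32",
                             err, sizeof err);
    printf("exit=%d first line: %s", rc, err);
    return 0;
}
```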
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2005-09-03 02:43:18 UTC
Let us know when upstream is aware.
Comment 4 Romang 2005-09-05 00:50:12 UTC
Hello,

Upstream seems to be down.

http://gtkdiskfree.tuxfamily.org/
or
http://gtkdiskfree.sourceforge.net/

Regards.
Comment 5 Romang 2005-09-05 00:53:22 UTC
Hello,

Email sent to vendor-sec@lst.de

Regards.
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2005-09-07 07:36:14 UTC
Pulling in maintainer:
Daniel, this is still non-public. Since upstream is dead, would you be in favor
of patching or removing?
Comment 7 Romang 2005-09-15 00:22:49 UTC
Hello,

Released the 15/09/2005

You can open the bug.

Thanks for your time and help.

Regards.
Comment 8 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-09-15 00:27:15 UTC
Opening 
Comment 9 Thierry Carrez (RETIRED) gentoo-dev 2005-09-15 06:56:50 UTC
morfic, your opinion?
Comment 10 SpanKY gentoo-dev 2005-09-15 15:23:53 UTC
at a glance the patch looks good to me
Comment 11 Thierry Carrez (RETIRED) gentoo-dev 2005-09-17 05:50:12 UTC
Not worth masking the package... Let's patch it, if we can find someone to do
it... vapier: feel like it?
Comment 12 SpanKY gentoo-dev 2005-09-28 17:27:00 UTC
1.9.3-r1 now in portage
Comment 13 Thierry Carrez (RETIRED) gentoo-dev 2005-09-29 00:41:39 UTC
Archs, please test and mark stable...
Comment 14 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-09-29 08:43:07 UTC
Stable on ppc.
Comment 15 Thierry Carrez (RETIRED) gentoo-dev 2005-09-30 01:01:05 UTC
This is CAN-2005-2918
Comment 16 Markus Rothe (RETIRED) gentoo-dev 2005-09-30 11:17:21 UTC
stable on ppc64
Comment 17 Paul Varner (RETIRED) gentoo-dev 2005-09-30 12:56:56 UTC
stable on x86
Comment 18 Simon Stelling (RETIRED) gentoo-dev 2005-09-30 12:59:16 UTC
stable on amd64
Comment 19 Thierry Carrez (RETIRED) gentoo-dev 2005-09-30 13:45:08 UTC
Ready for GLSA vote
Comment 20 Thierry Carrez (RETIRED) gentoo-dev 2005-10-01 03:38:35 UTC
I tend to vote yes.
Comment 21 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-10-02 10:09:00 UTC
I tend to vote NO. 
Comment 22 Tavis Ormandy (RETIRED) gentoo-dev 2005-10-02 10:44:54 UTC
I would vote YES, as it's so easy to exploit.
Comment 23 Thierry Carrez (RETIRED) gentoo-dev 2005-10-02 11:06:46 UTC
Let there be a GLSA.
Comment 24 Thierry Carrez (RETIRED) gentoo-dev 2005-10-03 09:02:51 UTC
GLSA 200510-01