| Summary: | system-tools-backends <= 1.2.0 insecure temporary directory creation | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Romang <zataz> |
| Component: | Auditing | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED INVALID | ||
| Severity: | normal | ||
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
AFAIK, there is no such thing as a "insecure temporary directory creation", as the mkdir syscall will fail if the pathname passed exists. Please REOPEN if I have misunderstood your report. |
Hello, Take a look at : partition.pl.in How is used after in /usr/share/setup-tool-backends/scripts/partition.pl 683 sub gst_partition_mount_temp 684 { 685 my ($device) = @_; 686 my ($filesys); 687 688 my ($dev) = ($device =~ /\/dev\/(.*)/); 689 my $point = "/tmp/disks-conf-$dev"; 690 691 mkdir ($point); 692 693 $cmd = "mount $device $point"; 694 $fd = &gst_file_run_pipe_read_with_stderr ($cmd); 695 696 if (!$fd) 697 { 698 my $err = `umount $device`; 699 rmdir ($point); 700 return "error"; 701 } 702 703 # Not mounted: not supported or unformatted 704 while (<$fd>) 705 { 706 if (/not supported/) 707 { 708 #($filesys) = ($_ =~ /^mount: fs type (.*) not supported by kernel$/); 709 &gst_file_close ($fd); 710 rmdir ($point); 711 return "not_supported::$_"; 712 } 713 elsif (/looks like swapspace/) 714 { 715 #$filesys = "swap"; 716 &gst_file_close ($fd); 717 rmdir ($point); 718 return "swap"; 719 } 720 elsif (/you must specify the filesystem type/) 721 { 722 #$filesys = "none"; 723 &gst_file_close ($fd); 724 rmdir ($point); 725 return "none"; 726 } 727 } 728 729 &gst_file_close ($fd); 730 731 return $point; 732 } Regards.