Bug 160132

Summary: x11-misc/adesklets: Insecure usage of files in /tmp.
Product: Gentoo Security
Reporter: Vic Fryzel (shellsage) (RETIRED) <shellsage>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: s4t4n
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---

Description Vic Fryzel (shellsage) (RETIRED) gentoo-dev 2007-01-04 15:58:11 UTC
x11-misc/adesklets specifies a location in /tmp for log storage. An attacker could create the file /tmp/adesklets_log.pid* as a symlink to arbitrary files on the system, and possibly overwrite those files, upon adesklets filing a log entry. The ebuild should specify a log location that is not in a world-accessible directory.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-01-06 12:58:08 UTC
s4t4n, please advise.
Comment 2 Michele Noberasco (RETIRED) gentoo-dev 2007-01-07 08:21:29 UTC
Well, adesklets runs with the privileges of the user who launched it, so this would be an issue only if that user is root (silly thing)...
Also, this log file gets created only if debug is in USE.
Anyway, I just committed to Portage a small change to the ebuilds so that log files are created in user home directories instead of /tmp; methinks it should be enough.
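The defensive counterpart to the scenario in the description and to the home-directory change in comment 2, as an added C example that is not code from adesklets or its ebuild: a log-open routine that a pre-planted symlink cannot redirect, plus a self-check that runs in a private scratch directory (all file names below are constructed for the demo).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create-and-open a log file so that a symlink planted at the path beforehand
 * cannot redirect the write: O_EXCL fails if anything (a symlink included)
 * already exists there, O_NOFOLLOW refuses a symlink in the last component,
 * and mode 0600 keeps the log private. Returns an fd, or -1 with errno set. */
int open_log_safely(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_APPEND, 0600);
    if (fd < 0)
        return -1;
    struct stat st;          /* confirm we hold a regular file we own */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != getuid()) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Self-check in a private scratch directory: plant a symlink where the log
 * would go (the situation from the report), verify the hardened open refuses
 * it and leaves the link target untouched, then verify a fresh path works.
 * Returns 1 on success, 0 on failure. */
int demo_symlink_is_refused(void)
{
    char dir[] = "/tmp/logdemoXXXXXX", victim[256], link[256], fresh[256];
    int ok = 0, fd, v;
    if (!mkdtemp(dir)) return 0;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(link, sizeof link, "%s/adesklets_log.1234", dir);
    snprintf(fresh, sizeof fresh, "%s/adesklets_log.5678", dir);
    if ((v = open(victim, O_WRONLY | O_CREAT, 0600)) < 0) goto out;
    close(v);
    if (symlink(victim, link) != 0) goto out;        /* the pre-planted link */
    if ((fd = open_log_safely(link)) >= 0) { close(fd); goto out; }
    if (errno != EEXIST && errno != ELOOP) goto out;
    if ((fd = open_log_safely(fresh)) < 0) goto out; /* no pre-existing file */
    close(fd);
    ok = 1;
out:
    unlink(victim); unlink(link); unlink(fresh); rmdir(dir);
    return ok;
}
```

Pairing this open routine with a path under a user-owned directory (as the ebuild change does) removes the world-writable location as well; the flags alone already defeat the symlink redirection.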
Comment 3 Michele Noberasco (RETIRED) gentoo-dev 2007-01-24 08:51:21 UTC
No feedback, closing. Feel free to reopen if necessary...
Comment 4 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-02-10 20:56:17 UTC
(In reply to comment #3)
> No feedback, closing. Feel free to reopen if necessary...

I agree. "INVALID" would even be appropriate.