Bug 103568 - sys-apps/lm_sensors Insecure temp file creation
Summary: sys-apps/lm_sensors Insecure temp file creation
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
Whiteboard: B3 [glsa] jaervosz
Depends on:
Reported: 2005-08-24 02:25 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2005-08-30 07:58 UTC (History)

lm-sensors.diff (lm-sensors.diff,988 bytes, patch)
2005-08-24 07:20 UTC, Thierry Carrez (RETIRED)

Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-08-24 02:25:47 UTC
Javier Fernández-Sanguino Peña reports that the pwmconfig script creates the
temp file /tmp/fancontrol insecurely.
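
The risk class reported above, as an added example that is not part of the bug report and is not the attached patch (the patch body is not shown on this page). It contrasts a fixed name in a shared directory with a file created by `mktemp`; the function names, the scratch directory standing in for /tmp, and the assumption that the script writes through a plain shell redirection are all hypothetical.

```shell
#!/bin/sh
# Added example, not the lm_sensors patch. A scratch directory stands in
# for /tmp so nothing outside it is touched.

# Weak: fixed name in a shared directory. ">" follows an existing symlink
# and truncates whatever it points to.
write_fixed() {   # $1 = dir, $2 = data
    printf '%s\n' "$2" > "$1/fancontrol"
}

# Hardened: mktemp picks an unpredictable name and creates the file
# exclusively with mode 0600, so an existing file or symlink is never reused.
write_private() { # $1 = dir, $2 = data; prints the path it created
    _f=$(mktemp "$1/fancontrol.XXXXXX") || return 1
    printf '%s\n' "$2" > "$_f"
    printf '%s\n' "$_f"
}

# Constructed scenario: the fixed name already exists as a symlink to a
# file the (privileged) script is able to overwrite.
# $1 = writer function; prints the protected file's content afterwards.
protected_after() {
    _d=$(mktemp -d) || return 1
    printf 'original\n' > "$_d/protected"
    ln -s "$_d/protected" "$_d/fancontrol"
    "$1" "$_d" "pwm settings" > /dev/null
    cat "$_d/protected"
    rm -rf "$_d"
}

echo "fixed name  : protected file now holds '$(protected_after write_fixed)'"
echo "mktemp name : protected file now holds '$(protected_after write_private)'"
```

On current Linux kernels, `fs.protected_symlinks=1` blocks this symlink following in sticky world-writable directories such as /tmp, but a script run by root should not depend on that setting.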
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-08-24 07:20:35 UTC
Created attachment 66752

Patch from Ubuntu.
Comment 3 Henrik Brix Andersen 2005-08-24 07:31:23 UTC
Has this patch been submitted upstream? It's not present in current CVS HEAD.
Comment 4 Henrik Brix Andersen 2005-08-24 07:41:01 UTC
Oh, sorry - it _is_ present in CVS HEAD.

I'll prepare a new ebuild.
Comment 5 Henrik Brix Andersen 2005-08-24 07:48:13 UTC
Fixed in sys-apps/lm_sensors-2.9.1-r1.

I'll mark it stable on x86 within the next 24 hours if no additional bugs are
Comment 6 Henrik Brix Andersen 2005-08-24 15:34:53 UTC
Stable on x86.
Comment 7 Olivier Crete (RETIRED) gentoo-dev 2005-08-24 16:40:00 UTC
amd64 done
Comment 8 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-08-25 11:26:28 UTC
Stable on ppc.
Comment 9 Henrik Brix Andersen 2005-08-26 03:25:30 UTC
Ready for GLSA?
Comment 10 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-08-26 03:34:11 UTC
Thx for the reminder Brix. 
Ready for GLSA vote, I tend to vote NO. 
Comment 11 Thierry Carrez (RETIRED) gentoo-dev 2005-08-26 05:53:54 UTC
I tend to vote YES, as this is typically run by root.
Comment 12 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-08-26 07:19:34 UTC
Forgot about that, reversing my vote to YES.
Comment 13 Stefan Cornelius (RETIRED) gentoo-dev 2005-08-27 02:33:22 UTC
As it's run as root, I vote yes.
Comment 14 Tavis Ormandy (RETIRED) gentoo-dev 2005-08-27 02:36:33 UTC
agree with Koon, vote YES
Comment 15 Thierry Carrez (RETIRED) gentoo-dev 2005-08-30 07:58:15 UTC
GLSA 200508-19