The first vulnerability is due to a hard-coded /tmp/dispatch-conf.changes. On startup this file is safely moved to dispatch-conf.changes.old if it exists, but a user can create a symlink between that time and when the log is first written to. Fixed it by making it a config option and disabling it by default.
The second vulnerability is created by dispatch-conf's use of "dispatch-conf.$(pidof dispatch-conf)" for its temporary files. Fixed this by safely creating a directory and doing all work in there instead.
Changes are in CVS and will go out in portage-2.0.51-r3.
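The two fixes described above, as an added example that is not dispatch-conf's own code: the log is opened with O_NOFOLLOW so a symlink planted at the expected path makes the open fail instead of redirecting the write, and temporary work happens in a mkdtemp directory (unpredictable name, mode 0700) rather than in a file named after the pid. The function names (open_log_nofollow, make_workdir, log_diff, run_demo), the use of difflib instead of an external diff, and the sample config contents are this example's own assumptions.

```python
import difflib
import errno
import os
import tempfile

# Added example, not dispatch-conf's own code. The bug describes two problems:
# (1) a hard-coded /tmp log path that another local user can pre-plant as a
#     symlink between the "move old log aside" step and the first write, and
# (2) temporary files named from the process pid, which anyone can predict
#     with pidof.
# Every function name below is this example's own, not the project's.


def open_log_nofollow(path):
    """Open the change log for append without following a symlink at `path`.

    With O_NOFOLLOW the open fails with ELOOP if `path` is a symlink, so a
    pre-planted link cannot redirect the write to a file we did not choose.
    The file is created 0600 so other users cannot read the config diffs.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_APPEND | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    return os.fdopen(fd, "a")


def make_workdir(parent=None):
    """Create a private work directory instead of a pid-named file in /tmp.

    mkdtemp picks an unpredictable name and creates the directory with mode
    0700, so no other user can pre-create, replace or read the temp files.
    (The old scheme was equivalent to "dispatch-conf." + str(os.getpid()).)
    """
    return tempfile.mkdtemp(prefix="dispatch-conf.", dir=parent)


def log_diff(curconf, newconf, log):
    """Append a unified diff of two config files to an already-open log.

    difflib is used here in place of shelling out to diff, so a path that
    contains a space is never split by a shell into extra operands.
    Returns the number of diff lines written.
    """
    with open(curconf) as f:
        old = f.readlines()
    with open(newconf) as f:
        new = f.readlines()
    lines = list(difflib.unified_diff(old, new, fromfile=curconf, tofile=newconf))
    log.writelines(lines)
    log.flush()
    return len(lines)


def run_demo(base=None):
    """Exercise both protections inside `base` and report what happened."""
    if base is None:
        base = tempfile.mkdtemp(prefix="demo.")
    results = {}
    # (1) A symlink planted where the log file is expected to appear.
    victim = os.path.join(base, "victim")
    planted = os.path.join(base, "dispatch-conf.changes")
    os.symlink(victim, planted)
    try:
        open_log_nofollow(planted)
        results["symlink_followed"] = True
    except OSError as e:
        results["symlink_followed"] = False
        results["blocked_by_eloop"] = e.errno == errno.ELOOP
    results["victim_created"] = os.path.exists(victim)
    # (2) Private work directory with a fresh, unpredictable name.
    workdir = make_workdir(base)
    results["workdir_mode"] = os.stat(workdir).st_mode & 0o777
    # Constructed sample configs (names chosen to contain a space).
    cur = os.path.join(workdir, "High severity.flt")
    new = os.path.join(workdir, "._cfg0000_High severity.flt")
    with open(cur, "w") as f:
        f.write("threshold = 5\n")
    with open(new, "w") as f:
        f.write("threshold = 7\n")
    with open_log_nofollow(os.path.join(workdir, "changes.log")) as log:
        results["diff_lines"] = log_diff(cur, new, log)
    return results


if __name__ == "__main__":
    print(run_demo())
```

Making the log file opt-in (as the fix does) removes the race entirely for the default configuration; O_NOFOLLOW is the belt-and-braces check for the case where an admin turns logging back on and points it at a shared directory.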
portage team please provide a patched ebuild.
Using this bug for stable marking.
Arches please do not mark stable directly but test as per Nicholas' request below.
Snip from Nicholas aka carpaski on bug #69137:
portage-2.0.51-r3 (dispatch-conf, sandbox, and dohtml-for-python2.2)
Arches please report back bugs/problems/success rather than
directly bumping for your arch.
I'm running and testing for ppc
testing on sparc, so far so good.
no problems on ppc64 so far...
looks good so far on amd64
Looks good on alpha.
[01:43:02] <carpaski> I kicked -r3 into stable.
Removing arches from CC.
Hmmm, now dispatch-conf starts failing for me (u option).
Jason will you look into this?
diff: extra operand `/etc/piwi/Filters/._cfg0000_High'
diff: Try `diff --help' for more information.
>> (1 of 1) -- /etc/piwi/Filters/High severity.flt
>> q quit, h help, n next, e edit-new, z zap-new, u use-new
m merge, t toggle-merge, l look-merge:
Traceback (most recent call last):
  File "/usr/sbin/dispatch-conf", line 309, in ?
    d.grind (portage.settings ['CONFIG_PROTECT'])
  File "/usr/sbin/dispatch-conf", line 208, in grind
    self.replace(newconf, conf ['current'])
  File "/usr/sbin/dispatch-conf", line 222, in replace
    os.system((DIFF_CONTENTS % (curconf, newconf)) + '>>' + self.config["log-file"])
AttributeError: dispatch instance has no attribute 'config'
Yep. Found and fixed.
Thx for the quick fix, you might wanna bump to r4.
This one is ready for GLSA