Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 500970 (CVE-2014-1935) - sys-apps/9base : insecure use of /tmp
Summary: sys-apps/9base : insecure use of /tmp
Status: RESOLVED FIXED
Alias: CVE-2014-1935
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial
Assignee: Gentoo Security
URL: https://bugs.debian.org/cgi-bin/bugre...
Whiteboard: ~4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2014-02-11 08:55 UTC by Agostino Sarubbo
Modified: 2016-07-05 23:02 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-02-11 08:55:23 UTC
From ${URL} :

Murray McAllister from Red Hat Security Response Team discovered that rc 
creates temporary files in an insecure way:

$ strace -o '| grep /tmp' ./test-heredoc
open("/tmp/here217f.0000", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = 5
open("/tmp/here217f.0000", O_RDONLY|O_LARGEFILE) = 5
moo
unlink("/tmp/here217f.0000")            = 0


As you can see, the filenames are easily predictable, and the O_EXCL 
flag is missing.



@maintainer(s): since the package has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2016-06-05 07:48:02 UTC
Dead upstream and unpatched security vulnerability.  

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3ebb563e6600c73f5befed25fecf309216971fde