OSSP CVS Repository

ossp - Check-in [5090]

Check-in Number: 5090
Date: 2005-Jun-15 10:11:16 (local)
2005-Jun-15 08:11:16 (UTC)
User:rse
Branch:
Comment: Fix insecure temporary file handling (CAN-2005-1751, CAN-2005-1759).

Submitted by: Eric Romang <eromang@zataz.net>

Tickets:
Inspections:
Files:
ossp-pkg/shtool/ChangeLog      1.210 -> 1.211     4 inserted, 1 deleted
ossp-pkg/shtool/sh.arx      1.21 -> 1.22     11 inserted, 11 deleted
ossp-pkg/shtool/sh.common      1.23 -> 1.24     15 inserted, 5 deleted

ossp-pkg/shtool/ChangeLog 1.210 -> 1.211

--- ChangeLog    2005/06/11 10:58:10     1.210
+++ ChangeLog    2005/06/15 08:11:16     1.211
@@ -9,7 +9,10 @@
 
  ChangeLog
 
- Changes between 2.0.1 and 2.0.2 (11-Aug-2004 to xx-XXX-2005):
+ Changes between 2.0.1 and 2.0.2 (11-Aug-2004 to 15-Jun-2005):
+
+   *) Fix insecure temporary file handling (CAN-2005-1751, CAN-2005-1759).
+      [Eric Romang <eromang@zataz.net>, Ralf S. Engelschall]
 
    *) Add Mandriva Linux support to "shtool platform".
       [Ralf S. Engelschall]


ossp-pkg/shtool/sh.arx 1.21 -> 1.22

--- sh.arx       2004/02/12 16:06:26     1.21
+++ sh.arx       2005/06/15 08:11:16     1.22
@@ -34,7 +34,7 @@
 files="$*"
 
 #   walk through the file list and expand archives members
-tmpdir=`echo $archive | sed -e 's;[^/]*$;.arx;'`
+ar_tmpdir=`echo $archive | sed -e 's;[^/]*$;.arx;'`
 nfiles=''
 if [ ".$files" != . ]; then
     for file in $files; do
@@ -44,13 +44,13 @@
         fi
         case $file in
             *.a )
-                if [ ! -d $tmpdir ]; then
+                if [ ! -d $ar_tmpdir ]; then
                     if [ ".$opt_t" = .yes ]; then
-                        echo "mkdir $tmpdir" 1>&2
+                        echo "mkdir $ar_tmpdir" 1>&2
                     fi
-                    mkdir $tmpdir
+                    mkdir $ar_tmpdir
                 fi
-                case $tmpdir in
+                case $ar_tmpdir in
                      .arx )
                          from="../$file"
                          ;;
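Review bot: The `.arx` scratch directory is still reused when it already exists, because `[ ! -d $ar_tmpdir ]` skips `mkdir` and `-d` follows symlinks. A pre-existing directory or symlink next to the archive would therefore receive the extracted members and then be removed by the `rm -rf $ar_tmpdir` in the cleanup hunk. Consider recording whether this run created the directory and stopping if it did not, and check the creation itself, e.g. `mkdir "$ar_tmpdir" || shtool_exit 1`. The expansions are also unquoted in all four sh.arx hunks, so an archive path containing whitespace or glob characters would be split. The enclosing `for` loop and `case` start and end outside this hunk.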
@@ -61,16 +61,16 @@
                          ;;
                 esac
                 if [ ".$opt_t" = .yes ]; then
-                    echo "(cd $tmpdir && $ar_prg x $from)" 1>&2
+                    echo "(cd $ar_tmpdir && $ar_prg x $from)" 1>&2
                 fi
-                (cd $tmpdir && eval $ar_prg x $from)
+                (cd $ar_tmpdir && eval $ar_prg x $from)
                 if [ $? -ne 0 ]; then
                     echo "$msgprefix:Error: member extraction failed for archive: $file" 1>&2
                     shtool_exit 1
                 fi
                 for member in - `eval $ar_prg t $file | sed -e '/_\.SYMDEF/d'`; do
                     [ ".$member" = .- ] && continue
-                    nfiles="$nfiles $tmpdir/$member"
+                    nfiles="$nfiles $ar_tmpdir/$member"
                 done
                 ;;
             * )
@@ -91,11 +91,11 @@
 fi
 
 #   cleanup and die gracefully
-if [ -d $tmpdir ]; then
+if [ -d $ar_tmpdir ]; then
     if [ ".$opt_t" = .yes ]; then
-        echo "rm -rf $tmpdir" 1>&2
+        echo "rm -rf $ar_tmpdir" 1>&2
     fi
-    rm -rf $tmpdir
+    rm -rf $ar_tmpdir
 fi
 
 shtool_exit 0


ossp-pkg/shtool/sh.common 1.23 -> 1.24

--- sh.common    2004/04/07 07:55:02     1.23
+++ sh.common    2005/06/15 08:11:16     1.24
@@ -161,6 +161,7 @@
 
 #   establish a temporary file on request
 if [ ".$gen_tmpfile" = .yes ]; then
+    #   create (explicitly) secure temporary directory
     if [ ".$TMPDIR" != . ]; then
         tmpdir="$TMPDIR"
     elif [ ".$TEMPDIR" != . ]; then
@@ -168,10 +169,19 @@
     else
         tmpdir="/tmp"
     fi
-    tmpfile="$tmpdir/.shtool.$$"
-    rm -f $tmpfile >/dev/null 2>&1
-    touch $tmpfile
-    chmod 600 $tmpfile
+    tmpdir="$tmpdir/.shtool.$$"
+    ( umask 077
+      rm -rf "$tmpdir" >/dev/null 2>&1 || true
+      mkdir  "$tmpdir" >/dev/null 2>&1
+      if [ $? -ne 0 ]; then
+          echo "$msgprefix:Error: failed to create temporary directory \`$tmpdir'" 1>&2
+          exit 1
+      fi
+    )
+
+    #   create (implicitly) secure temporary file
+    tmpfile="$tmpdir/shtool.tmp"
+    touch "$tmpfile"
 fi
 
 #   utility function: map string to lower case
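Review bot: The `exit 1` on the mkdir failure path only leaves the `( umask 077 ... )` subshell, so the script carries on to `touch "$tmpfile"` even when the private directory could not be created. In that case `$tmpdir` may name a directory this process does not own, which is the situation the change is meant to rule out, and `shtool_exit` would later run `rm -rf` on it. Check the subshell's status, for example by closing it with `) || exit 1`. The enclosing `if [ ".$gen_tmpfile" = .yes ]` block starts before this hunk.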
@@ -188,7 +198,7 @@
 shtool_exit () {
     rc="$1"
     if [ ".$gen_tmpfile" = .yes ]; then
-        rm -f $tmpfile >/dev/null 2>&1 || true
+        rm -rf "$tmpdir" >/dev/null 2>&1 || true
     fi
     exit $rc
 }
