Index: ossp-pkg/shtool/ChangeLog RCS File: /v/ossp/cvs/ossp-pkg/shtool/ChangeLog,v rcsdiff -q -kk '-r1.210' '-r1.211' -u '/v/ossp/cvs/ossp-pkg/shtool/ChangeLog,v' 2>/dev/null --- ChangeLog 2005/06/11 10:58:10 1.210 +++ ChangeLog 2005/06/15 08:11:16 1.211 @@ -9,7 +9,10 @@ ChangeLog - Changes between 2.0.1 and 2.0.2 (11-Aug-2004 to xx-XXX-2005): + Changes between 2.0.1 and 2.0.2 (11-Aug-2004 to 15-Jun-2005): + + *) Fix insecure temporary file handling (CAN-2005-1751, CAN-2005-1759). + [Eric Romang , Ralf S. Engelschall] *) Add Mandriva Linux support to "shtool platform". [Ralf S. Engelschall] Index: ossp-pkg/shtool/sh.arx RCS File: /v/ossp/cvs/ossp-pkg/shtool/sh.arx,v rcsdiff -q -kk '-r1.21' '-r1.22' -u '/v/ossp/cvs/ossp-pkg/shtool/sh.arx,v' 2>/dev/null --- sh.arx 2004/02/12 16:06:26 1.21 +++ sh.arx 2005/06/15 08:11:16 1.22 @@ -34,7 +34,7 @@ files="$*" # walk through the file list and expand archives members -tmpdir=`echo $archive | sed -e 's;[^/]*$;.arx;'` +ar_tmpdir=`echo $archive | sed -e 's;[^/]*$;.arx;'` nfiles='' if [ ".$files" != . ]; then for file in $files; do @@ -44,13 +44,13 @@ fi case $file in *.a ) - if [ ! -d $tmpdir ]; then + if [ ! -d $ar_tmpdir ]; then if [ ".$opt_t" = .yes ]; then - echo "mkdir $tmpdir" 1>&2 + echo "mkdir $ar_tmpdir" 1>&2 fi - mkdir $tmpdir + mkdir $ar_tmpdir fi - case $tmpdir in + case $ar_tmpdir in .arx ) from="../$file" ;; @@ -61,16 +61,16 @@ ;; esac if [ ".$opt_t" = .yes ]; then - echo "(cd $tmpdir && $ar_prg x $from)" 1>&2 + echo "(cd $ar_tmpdir && $ar_prg x $from)" 1>&2 fi - (cd $tmpdir && eval $ar_prg x $from) + (cd $ar_tmpdir && eval $ar_prg x $from) if [ $? -ne 0 ]; then echo "$msgprefix:Error: member extraction failed for archive: $file" 1>&2 shtool_exit 1 fi for member in - `eval $ar_prg t $file | sed -e '/_\.SYMDEF/d'`; do [ ".$member" = .- ] && continue - nfiles="$nfiles $tmpdir/$member" + nfiles="$nfiles $ar_tmpdir/$member" done ;; * ) @@ -91,11 +91,11 @@ fi # cleanup and die gracefully -if [ -d $tmpdir ]; then +if [ -d $ar_tmpdir ]; then if [ ".$opt_t" = .yes ]; then - echo "rm -rf $tmpdir" 1>&2 + echo "rm -rf $ar_tmpdir" 1>&2 fi - rm -rf $tmpdir + rm -rf $ar_tmpdir fi shtool_exit 0 Index: ossp-pkg/shtool/sh.common RCS File: /v/ossp/cvs/ossp-pkg/shtool/sh.common,v rcsdiff -q -kk '-r1.23' '-r1.24' -u '/v/ossp/cvs/ossp-pkg/shtool/sh.common,v' 2>/dev/null --- sh.common 2004/04/07 07:55:02 1.23 +++ sh.common 2005/06/15 08:11:16 1.24 @@ -161,6 +161,7 @@ # establish a temporary file on request if [ ".$gen_tmpfile" = .yes ]; then + # create (explicitly) secure temporary directory if [ ".$TMPDIR" != . ]; then tmpdir="$TMPDIR" elif [ ".$TEMPDIR" != . ]; then @@ -168,10 +169,19 @@ else tmpdir="/tmp" fi - tmpfile="$tmpdir/.shtool.$$" - rm -f $tmpfile >/dev/null 2>&1 - touch $tmpfile - chmod 600 $tmpfile + tmpdir="$tmpdir/.shtool.$$" + ( umask 077 + rm -rf "$tmpdir" >/dev/null 2>&1 || true + mkdir "$tmpdir" >/dev/null 2>&1 + if [ $? -ne 0 ]; then + echo "$msgprefix:Error: failed to create temporary directory \`$tmpdir'" 1>&2 + exit 1 + fi + ) + + # create (implicitly) secure temporary file + tmpfile="$tmpdir/shtool.tmp" + touch "$tmpfile" fi # utility function: map string to lower case @@ -188,7 +198,7 @@ shtool_exit () { rc="$1" if [ ".$gen_tmpfile" = .yes ]; then - rm -f $tmpfile >/dev/null 2>&1 || true + rm -rf "$tmpdir" >/dev/null 2>&1 || true fi exit $rc }