[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: gEDA-user: Security bug -medium: geda-gnetlist



On Tue, 2008-12-23 at 00:28 +0100, Chitlesh GOORAH wrote:
> On Tue, Nov 18, 2008 at 10:06 PM, Chitlesh GOORAH wrote:
> > Hello gEDA developers,
> >
> > A bug filed against geda-gnetlist by RedHat's security team was filed:
> > https://bugzilla.redhat.com/show_bug.cgi?id=472116
> > Bug 472116 -  CVE-2008-5148 geda-gnetlist insecure temporary file use [Fdevel]
> >
> > The issue is that the value of TMP is predictable
> > and a local evildoer could create a symlink causing some data to be overwritten.

Well, if you look at the patch, you'll see that it tries to create a
directory with that name, with safe permissions. If that doesn't work,
it exits. If it works, the temp-file is made inside the directory with
safe permissions.

-- 
Peter Clifton

Electrical Engineering Division,
Engineering Department,
University of Cambridge,
9, JJ Thomson Avenue,
Cambridge
CB3 0FA

Tel: +44 (0)7729 980173 - (No signal in the lab!)



_______________________________________________
geda-user mailing list
geda-user@xxxxxxxxxxxxxx
http://www.seul.org/cgi-bin/mailman/listinfo/geda-user