Bug#386501: marked as done (mktemp: should validate TMPDIR)

Tue, 04 May 2010 05:39:18 -0700 

Your message dated Tue, 04 May 2010 08:37:07 -0400
with message-id <[email protected]>
and subject line Re: mktemp: should validate TMPDIR
has caused the Debian Bug report #386501,
regarding mktemp: should validate TMPDIR
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
386501: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=386501
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: debianutils
Version: 2.15.1
Severity: normal

Hi, Clint.

The utilities mktemp and tempfile both assume that if TMPDIR is set,
it points to a writable directory; although that's normally true, it's
not actually guaranteed to hold.  (For example, I have a system with
libpam-tmpdir enabled where a cron job [belonging to exim4-base] runs
a shell script as the Debian-exim user that tries to use tempfile but
fails because TMPDIR still points to /tmp/user/0, which only root can
access.)

mktemp makes no sanity checks whatsoever, and tempnam(3), which
tempfile uses, checks only that TMPDIR points to an *existing*
directory, not necessarily to a writable one.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages debianutils depends on:
ii  coreutils                     5.2.1-2.1  The GNU core utilities
ii  libc6                         2.3.5-7    GNU C Library: Shared libraries an

debianutils recommends no packages.

-- no debconf information

--- End Message ---
--- Begin Message --- documentation currently states that TMPDIR is used if it is a directory, and does not specify that it is only used if the directory is writable. 

Mike Stone

--- End Message ---

Reply via email to