Your message dated Mon, 10 Sep 2018 17:34:04 +0000
with message-id <[email protected]>
and subject line Bug#740891: fixed in listadmin 2.42-1.1
has caused the Debian Bug report #740891,
regarding listadmin: insecure use of /tmp
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
740891: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740891
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: listadmin
Version: 2.40-4
Tags: security
listadmin creates temporary files in an insecure way:
    # Use rand() to protect a little against tmpfile races
    $dumpfile ||= "/tmp/dump-" . rand() . "-$list.html";
    if (open(DUMP, ">$dumpfile")) {
        chmod(0600, $dumpfile);
        print DUMP $page;
        close(DUMP);
        $msg .= ", please send $dumpfile to $maintainer";
    }
There are two problems here:
1) The code doesn't fail if a file with the same name already exists
(which is required by Policy §10.4).
2) Between the open() and chmod() calls, the file has default
permissions, so it might be possible for another local user to open it.
--
Jakub Wilk
--- End Message ---
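An added example, not part of the original report and not the change shipped in listadmin 2.42-1.1 (which this page does not show): two ways to write the dump file so that both reported problems go away. The names dump_to_path and dump_to_tempfile, the list name and the page content are hypothetical and constructed for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Spec;
use File::Temp qw(tempfile tempdir);

# Variant 1: the caller supplies the path.
# O_CREAT|O_EXCL makes the open fail if the name already exists (a symlink
# included), and the 0600 mode is applied at creation time, so the file
# never exists with default permissions (problems 1 and 2 in the report).
sub dump_to_path {
    my ($path, $page) = @_;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600)
        or return;                      # refuse to reuse an existing file
    print {$fh} $page or return;
    close($fh) or return;
    return $path;
}

# Variant 2: let File::Temp choose an unpredictable name.
# tempfile() opens with O_EXCL and mode 0600 and dies on failure.
sub dump_to_tempfile {
    my ($list, $page) = @_;
    (my $safe = $list) =~ s/[^A-Za-z0-9_.-]/_/g;   # list name ends up in a file name
    my ($fh, $path) = tempfile("dump-$safe-XXXXXXXX",
        DIR => File::Spec->tmpdir, SUFFIX => '.html');
    print {$fh} $page or die "write $path: $!";
    close($fh) or die "close $path: $!";
    return $path;
}

# Constructed demonstration input, run inside a private scratch directory.
my $dir  = tempdir(CLEANUP => 1);
my $page = "<html>constructed sample page</html>\n";
my $path = "$dir/dump-test.html";

print "first create:  ", (dump_to_path($path, $page) ? "ok" : "refused: $!"), "\n";
print "second create: ", (dump_to_path($path, $page) ? "ok" : "refused: $!"), "\n";

my $tmp = dump_to_tempfile("my/list", $page);
printf "%s has mode %04o\n", $tmp, (stat $tmp)[2] & 07777;
unlink $tmp;
```

The second call to dump_to_path is refused because the name is already taken, which is the fail-if-exists behaviour the report asks for.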
--- Begin Message ---
Source: listadmin
Source-Version: 2.42-1.1
We believe that the bug you reported is fixed in the latest version of
listadmin, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Gunnar Wolf <[email protected]> (supplier of updated listadmin package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 05 Sep 2018 10:41:39 -0500
Source: listadmin
Binary: listadmin
Architecture: source
Version: 2.42-1.1
Distribution: unstable
Urgency: medium
Maintainer: Noël Köthe <[email protected]>
Changed-By: Gunnar Wolf <[email protected]>
Description:
listadmin - command line mailman moderator queue manipulation
Closes: 740891 873287
Changes:
listadmin (2.42-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Allow listadmin to follow HTTPS redirects for Mailman (Closes: #873287)
* Fix insecure use of /tmp (Closes: #740891)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---