tags 496419 confirmed
thanks

Hi,

A simple grep revealed a lot of tempfile issues here, see below. As far as I 
understand it, the code runs as root. This makes the issue quite serious. 
Please make sure this is fixed before lenny is released.

As several different temp files are used insecurely, it may be better to 
create a separate, private working directory for the program where it may 
store all those files at will.


cheers,
Thijs

./config-scripts/xen-3.2/configure-xend.sh:    cat  <<EOF > /tmp/open_ssl.res
./config-scripts/xen-3.2/configure-xend.sh:    $OPENSSL req -new -key $KEY -out $CSR < /tmp/open_ssl.res
./config-scripts/xen-3.2/configure-xend.sh:    rm /tmp/open_ssl.res
./config-scripts/xen-3.1/configure-xend.sh:    cat  <<EOF > /tmp/open_ssl.res
./config-scripts/xen-3.1/configure-xend.sh:    $OPENSSL req -new -key $KEY -out $CSR < /tmp/open_ssl.res
./config-scripts/xen-3.1/configure-xend.sh:    rm /tmp/open_ssl.res
./src/utils.py:    updates_file = "/tmp/updates.xml"
./src/utils.py:                                                          dir="/tmp")
./src/utils.py:    TEST_CONFIGFILE = '/tmp/convirt.conf'
./src/XenNode.py:    dom_config.save("/tmp/test_config")
./src/XenNode.py:    newcfg.set_filename("/tmp/Txx")
./src/XenNode.py:    f = managed_node.node_proxy.open("/tmp/Txx")
./src/XenNode.py:    print "### read config from /etc/xen/auto and write them to /tmp"
./src/XenNode.py:        d.save("/tmp/" + f)
./src/NodeProxy.py:    node.put("/tmp/send", "/tmp/send_r")
./src/NodeProxy.py:    node.get("/tmp/send_r", "/tmp/received")
./src/NodeProxy.py:    fd = node.open('/tmp/test_writable','w')
./src/NodeProxy.py:    print 'exists?: ',node.file_exists('/tmp/test_writable')
./src/NodeProxy.py:    print 'isWritable?: ', node.file_is_writable('/tmp/test_writable')
./src/NodeProxy.py:    node.remove('/tmp/test_writable')
./src/NodeProxy.py:    print 'exists?: ', node.file_exists('/tmp/test_writable')
./src/NodeProxy.py:            node.mkdir("/tmp/node_test")
./src/NodeProxy.py:        w = node.open("/tmp/node_test/test", "w")
./src/NodeProxy.py:        r = node.open("/tmp/node_test/test")
./src/NodeProxy.py:        node.remove("/tmp/node_test/test")
./src/NodeProxy.py:        node.rmdir("/tmp/node_test")
./src/NodeProxy.py:        output,code = node.exec_cmd('find /tmp')
./src/NodeProxy.py:        output,code = node.exec_cmd('junk /tmp')
./src/GridManager.py:                                                          dir="/tmp")
./src/KVMProxy.py:            cmdline = cmdline + " -monitor unix:/tmp/" + config.get("name") + \
./src/KVMProxy.py:    config["monitor"] = "unix:/tmp/xyz"
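The fix the report suggests, a private per-run working directory instead of fixed names under the shared /tmp, looks like this in Python. This is an added example, not part of the report and not ConVirt's own code; the function names and the sample file contents are assumptions. It creates the directory with mkdtemp() (unpredictable name, mode 0700) and creates each file inside it with O_CREAT|O_EXCL|O_NOFOLLOW and mode 0600, so a pre-existing file or symlink at the target path is refused instead of being followed, which is exactly what a fixed "/tmp/open_ssl.res" written as root cannot guarantee.

```python
import os
import stat
import tempfile

# Added example, not part of the bug report or ConVirt's code. It shows the
# mitigation suggested in the report: one private working directory per run
# instead of fixed names under the shared /tmp. All names here are assumed.


def private_workdir(prefix="convirt-"):
    """Create a fresh directory that only the current user can enter.

    mkdtemp() picks an unpredictable name and creates it with mode 0700, so
    another local user cannot pre-create the path or plant a symlink where
    the program is about to write.
    """
    return tempfile.mkdtemp(prefix=prefix)


def write_private(workdir, name, data):
    """Create `name` inside `workdir` and write `data` to it.

    O_CREAT|O_EXCL refuses to reuse an existing file (a pre-planted symlink
    or hard link included), O_NOFOLLOW refuses to follow a symlink at the
    final component, and mode 0600 keeps the contents owner-readable only,
    which matters when the file is an OpenSSL request or a guest config
    written by a root-running service.
    """
    if os.sep in name or name in ("", ".", ".."):
        raise ValueError("name must be a single path component")
    path = os.path.join(workdir, name)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def refuses_existing(workdir, name):
    """True if a second create of `name` is refused (O_EXCL doing its job)."""
    try:
        write_private(workdir, name, b"")
    except FileExistsError:
        return True
    return False


def unix_socket_path(workdir, name):
    """Build a monitor socket address inside the private directory.

    Replaces the "unix:/tmp/<name>" pattern flagged in KVMProxy.py; the
    directory's 0700 mode stops other users from connecting to, or
    pre-creating, the socket.
    """
    if os.sep in name or not name:
        raise ValueError("name must be a single path component")
    return "unix:" + os.path.join(workdir, name)


def perm_bits(path):
    """Return the permission bits of `path` as an integer (e.g. 0o700)."""
    return stat.S_IMODE(os.lstat(path).st_mode)


if __name__ == "__main__":
    d = private_workdir()
    # Constructed sample contents standing in for the here-document the
    # configure-xend.sh scripts write to /tmp/open_ssl.res.
    req = write_private(d, "open_ssl.res", b"[req]\ndistinguished_name = dn\n")
    print(d, oct(perm_bits(d)), req, oct(perm_bits(req)))
    print(unix_socket_path(d, "monitor"))
```

For the two configure-xend.sh scripts the same idea is `workdir=$(mktemp -d)` followed by writing the here-document to "$workdir/open_ssl.res"; the directory, not the file name, is what the caller keeps secret, and it is removed as a whole when the run finishes.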
