Package: fftw3-dev
Version: 3.0.1-11
Priority: important
Tags: security patch

While doing a review of usage of tempfiles in Debian I've found out that the fftw-wisdom-to-conf script uses temporary files in an unsafe way which could be used to conduct symlink attacks against any user running it.

Attached is a patch that fixes this issue by introducing the use of mktemp.

Regards

Javier

--- fftw3-3.0.1/tools/fftw-wisdom-to-conf.in.orig 2005-08-06
10:34:10.000000000 +0200
+++ fftw3-3.0.1/tools/fftw-wisdom-to-conf.in 2005-08-06 10:34:53.000000000
+0200
@@ -57,7 +57,8 @@
extern void ${prefix}solvtab_exec(const struct solvtab_s s[], void *);
EOF
-tmp=/tmp/fftw-wisdom-to-conf$$
+tmp=`mktemp -t tempfile.XXXXXX` || { echo "$0: Cannot create temporary file"
>&2; exit 1; }
+trap " [ -f \"$tmp\" ] && /bin/rm -f -- \"$tmp\"" 0 1 2 3 13 15
sed 's/ *(//' | cut -d" " -f1 | grep -v -- - | egrep -v '^ *\)*$' > $tmp
cat $tmp | sort | uniq | while read reg_nam; do
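Review bot: The trap on the added line lists signals 1 2 3 13 15 together with 0, but the handler only removes the file and returns, so after a HUP/INT/TERM the script carries on and the following `> $tmp` and `cat $tmp` lines run against a path that has just been deleted. Keep the cleanup on 0 only and add a separate handler that exits for the signals (for example `trap 'exit 1' 1 2 3 13 15`), so the exit path performs the removal. Two smaller points in the same hunk: `$tmp` is still unquoted in the two context lines that use it, and since `mktemp -t` places the file under the user's temporary directory the path is no longer a fixed string, so quote it as "$tmp"; and the template `tempfile.XXXXXX` says nothing about its owner, where something like `fftw-wisdom-to-conf.XXXXXX` would make stray files traceable.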
@@ -73,3 +74,5 @@
echo " ${prefix}solvtab_exec(s, plnr);"
echo "}"
+
+exit 0
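Review bot: The added `exit 0` at the end of the script is not explained by the report, which only mentions switching to mktemp. The last command before it is an `echo`, so the script would already finish with a success status, and an unconditional `exit 0` will hide a failure status if commands are ever appended here. Either drop it or add a comment saying why it is needed, for instance if it is there to fix the final status when the trap on 0 runs.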

