Le jeudi 21 août 2008 à 16:14 +0200, Thijs Kinkhorst a écrit :
> When grepping the sympa source for "/tmp" I find quite some occurances
> of
> other files directly in tmp with insecure filenames. It should be
> checked
> for each if that code is executed and whether or not they should be
> moved
> to Sympa's private tempdir.
>
Indeed, grepping through contents of binary package gives quite some
occurrences :
./usr/share/doc/sympa/examples/config/sympa.conf:tmpdir /var/spool/sympa/tmp
./usr/lib/sympa/bin/Log.pm: #open TMP, ">/tmp/logs.dump";
./usr/lib/sympa/bin/tt2.pl: open my $fh, ">/tmp/tt2/$newname";
./usr/lib/sympa/bin/tools.pl: ## first step is the msg signing OK ;
/tmp/sympa-smime.$$ is created
./usr/lib/sympa/bin/tools.pl: my $temporary_file = "/tmp/smime-sender.".$$ ;
./usr/lib/sympa/bin/List.pm:# $parser->output_dir($Conf{'spool'} ."/tmp");
./usr/lib/sympa/bin/List.pm:# open TMP2, ">/tmp/digdump";
&tools::dump_var($param, 0, \*TMP2); close TMP2;
./usr/lib/sympa/bin/List.pm:# open TMP2, ">/tmp/digdump";
&tools::dump_var($param, 0, \*TMP2); close TMP2;
./usr/lib/sympa/bin/sympasoap.pm:# open TMP2, ">>/tmp/yy"; printf TMP2
"xxxxxxxxxx parameters \n"; &tools::dump_var($proxy_vs, 0, \*TMP2);printf TMP2
"--------\n"; close TMP2;
./usr/lib/sympa/bin/CAS.pm: $cas->proxyMode(pgtFile => '/tmp/pgt.txt',
./usr/lib/sympa/bin/sympa_wizard.pl:my $new_wwsympa_conf = '/tmp/wwsympa.conf';
./usr/lib/sympa/bin/sympa_wizard.pl:my $new_sympa_conf = '/tmp/sympa.conf';
./usr/lib/sympa/bin/Conf.pm: $o{'tmpdir'}[0] = "$spool/tmp";
./usr/lib/sympa/bin/Conf.pm: # open TMP,
">/tmp/dump1";&tools::dump_var(&load_generic_conf_file($config,\%trusted_applications);,
0,\*TMP);close TMP;
./usr/lib/sympa/bin/Conf.pm:#open TMP2, ">>/tmp/sss"; printf TMP2
"xxxxxxxxxxxxxxxxxxx--------structure admin\n"; &tools::dump_var(\%admin, 0,
\*TMP2);printf TMP2 "xxxxxxxxxxxxxxxxxxx--------\n"; close TMP2;
./usr/lib/sympa/bin/sympa_soap_client.pl:#
file => '/tmp/my_cookies' );
./usr/lib/sympa/bin/sympa_soap_client.pl:
file => '/tmp/my_cookies' );
./usr/lib/sympa/bin/Family.pm: # open TMP, ">/tmp/dump1";
./usr/lib/sympa/bin/Auth.pm: # open TMP2, ">>/tmp/yy"; printf TMP2
"xxxxxxxxxxx\@ trusted_apps \n"; &tools::dump_var([EMAIL PROTECTED], 0,
\*TMP2);printf TMP2 "--------\n"; close TMP2;
./usr/lib/sympa/bin/sympa.pl: --make_alias_file : create
file in /tmp with all aliases (usefull when aliases.tpl is changed)
./usr/lib/cgi-bin/sympa/wwsympa.fcgi: # open TMP, ">/tmp/dump1";
./usr/lib/cgi-bin/sympa/wwsympa.fcgi: # open TMP, ">/tmp/dump2";
./usr/lib/cgi-bin/sympa/wwsympa.fcgi: #open TMP, ">/tmp/dump1";
./usr/bin/sympa: --make_alias_file : create file in /tmp
with all aliases (usefull when aliases.tpl is changed)
./usr/bin/sympa_wizard:my $new_wwsympa_conf = '/tmp/wwsympa.conf';
./usr/bin/sympa_wizard:my $new_sympa_conf = '/tmp/sympa.conf';
I think that even though the first ones reported on
/usr/lib/cgi-bin/sympa/wwsympa.fcgi and /usr/lib/sympa/bin/sympa.pl are now
fixed by uploaded 5.3.4-5.1, there's some more need for analysis (checking with
upstream too).
I think that opening a distinct bug would probably be better too.
Hope this helps.
--
Olivier BERGER <[EMAIL PROTECTED]>
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 1024D/6B829EEC
Ingénieur Recherche - Dept INF
Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
