FVWM Bug Tracking notification new message incoming/875
Message summary for PR#875
From: [EMAIL PROTECTED]
Subject: PRIVATE: Insecure temp files in fvwm/session.c
Date: Wed, 17 Apr 2002 17:15:27 -0500
0 replies 0 followups

====> ORIGINAL MESSAGE FOLLOWS <====

>From [EMAIL PROTECTED] Wed Apr 17 17:15:27 2002
Received: from karazm.math.uh.edu ([129.7.128.1]) by malifon.math.uh.edu with esmtp (Exim 3.20 #1) id 16xxi3-0005Cx-00 for [EMAIL PROTECTED]; Wed, 17 Apr 2002 17:15:27 -0500
Received: from malifon.math.uh.edu (IDENT:[EMAIL PROTECTED] [129.7.128.13]) by karazm.math.uh.edu (8.9.3/8.9.3) with ESMTP id RAA08117 for <[EMAIL PROTECTED]>; Wed, 17 Apr 2002 17:15:27 -0500 (CDT)
From: [EMAIL PROTECTED]
Received: from localhost ([127.0.0.1] ident=65534) by malifon.math.uh.edu with esmtp (Exim 3.20 #1) id 16xxi3-0005Ct-00 for [EMAIL PROTECTED]; Wed, 17 Apr 2002 17:15:27 -0500
To: [EMAIL PROTECTED]
Subject: PRIVATE: Insecure temp files in fvwm/session.c
Message-Id: <[EMAIL PROTECTED]>
Date: Wed, 17 Apr 2002 17:15:27 -0500

Full_Name: Jan Echternach
Version: 2.4.7
CVS_Date:
OS: Linux
X_Server: XFree86 3.3.6
Submission from: (NULL) (62.104.208.83)

tempnam() may use $TMPDIR. If that directory is writable by other users, a temporary file may be created insecurely. I'm attaching a simple patch that also uses getpwuid() more carefully, and looks at $HOME as the fvwm2.1 man page describes.

Note 1: The patch compiles, but I haven't tested it because I don't use session management.

Note 2: The man page doesn't mention TMPDIR, maybe this should be fixed as well.

Note 3: FvwmCpp.c and FvwmM4.c also create temporary files, but with mode 0644. I think this should be changed to 0600.

--- session.c-orig Wed Apr 17 19:39:18 2002 +++ session.c Wed Apr 17 19:53:42 2002 @@ -24,8 +24,11 @@ #include "config.h" #include <stdio.h> +#ifdef HAVE_GETPWUID #include <pwd.h> +#endif #include <signal.h> +#include <fcntl.h> #include "libs/fvwmlib.h" #include "fvwm.h" 
@@ -147,13 +150,30 @@ static char *getUniqueStateFilename(void) { const char *path = getenv("SM_SAVE_DIR"); - struct passwd *pwd; + char *filename; + int fd; + + if ( ! path) + path = getenv ("HOME"); +#ifdef HAVE_GETPWUID if (!path) { - pwd = getpwuid(getuid()); - path = pwd->pw_dir; + struct passwd *pwd = getpwuid(getuid()); + if (pwd) + path = pwd->pw_dir; + } +#endif + if ( ! path) + return NULL; + + filename = tempnam(path, ".fs-"); + if ((fd = open (filename, O_WRONLY | O_EXCL | O_CREAT, 0600)) == -1) { + free (filename); + filename = NULL; + } else { + close (fd); } - return tempnam(path, ".fs-"); + return filename; } #else
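Review bot: close() and free(), both called by the new code in getUniqueStateFilename(), have no matching header among the includes visible in the @@ -24,8 +24,11 @@ hunk, which adds only <fcntl.h> for open(). The context lines show <stdio.h>, <pwd.h> and <signal.h>, so please confirm that <unistd.h> and <stdlib.h> arrive some other way (for example through config.h or libs/fvwmlib.h) or add them next to the new <fcntl.h> line. Separately, the #ifdef HAVE_GETPWUID guard around <pwd.h> matches the guard around the getpwuid() call in the second hunk, which is good; a short comment saying that $HOME is the fallback when the macro is undefined would help the next reader.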
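Review bot: in the @@ -147,13 +150,30 @@ hunk the result of tempnam() is passed to open() without a NULL check, so an allocation or name-generation failure reaches open (filename, ...) as a null pointer; add "if (!filename) return NULL;" between the two calls. The name is also still produced by tempnam(path, ".fs-"), which is the call the report says may use $TMPDIR, so the file can still land in a directory other users can write to. The O_EXCL | O_CREAT open with mode 0600 does make creation fail when the name already exists, but the descriptor is closed straight away and the caller gets only the name back, so whatever reopens it later depends on the directory not letting another user replace the file. Building a template from path and calling mkstemp() would pick the directory explicitly and create the file in one step. It would also help to document in a comment above the function that it can return NULL and that the returned file already exists, since callers need to handle both.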