On Tue, Apr 04, 2006 at 02:38:21AM +0400, Serge (gentoosiast) Koksharov wrote: > Good (day|morning|night) everyone, > > During examination of FvwmM4 '--debug' option I decided to examine FVWM's > temporary file creation mechanism. Can you believe what I dig out: > > In libs/System.c there is a pragma '#ifdef HAVE_SAFTY_MKSTEMP'. This > construction decides based on configure script system check whether to > use underlying OS's mkstemp function (if it considered secure) or FVWM's > internal one, which lies at the bottom of the same libs/System.c file. > But acinclude.m4 defines 'HAVE_SAFETY_MKSTEMP' pragma, not > 'HAVE_SAFTY_MKSTEMP' which found in libs/System.c. So, in any case > FVWM's internal implementation of mkstemp used even if the OS have its > own _much more secure_ version of this function. This bug probably > existed for almost three years and was introduced on 2003-08-27 > according to main Changelog. I attached patch which applies cleanly > against 2.5.x CVS sources. It also corrects all other 'safty' typos in > the source tree. Somebody on the list needs to verify stable 2.4 branch > also. > > This example shows that a single typo can potentially lead to the big > disaster. I hope it will be good lesson to all of us. In future, all > workers should review every commit more attentively. It's much easier to > not introduce newer bugs and typos than to find and fix them afterwards. > I wonder, was FVWM's code extensively audited? Who knows that may be > lurking inside?
I have committed this patch. Ciao Dominik ^_^ ^_^ -- Dominik Vogt, [EMAIL PROTECTED]
signature.asc
Description: Digital signature
