Bug#448319: vobcopy: CVE-2007-5718 insecure temporary file handling
Hi Robos, * Robos [EMAIL PROTECTED] [2007-12-10 19:39]: On Sun, 09.12.07, Stephen Birch [EMAIL PROTECTED] wrote: Nico Golde([EMAIL PROTECTED])@2007-12-09 21:18: Cant the log files just be placed in the current working directory? Either way, it sounds good. That would be the same problem if you call vobcopy in a world-writable directory. Checking if the file already exists and creating a unique name using mkstemp or opening the file with O_EXCL should be enough. From my short read of the man pages I got the impression that O_EXCL was not a posix feature. If so, it would limit vobcopy from running on not-posix conformant platforms (whatever they may be...) [...] Where did you read this cause it is of course valid in POSIX. Just have a look at man 3p open. Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. pgpGT1rBNJxHg.pgp Description: PGP signature
Bug#448319: vobcopy: CVE-2007-5718 insecure temporary file handling
On Sun, 09.12.07, Stephen Birch [EMAIL PROTECTED] wrote: Nico Golde([EMAIL PROTECTED])@2007-12-09 21:18: Cant the log files just be placed in the current working directory? Either way, it sounds good. That would be the same problem if you call vobcopy in a world-writable directory. Checking if the file already exists and creating a unique name using mkstemp or opening the file with O_EXCL should be enough. From my short read of the man pages I got the impression that O_EXCL was not a posix feature. If so, it would limit vobcopy from running on not-posix conformant platforms (whatever they may be...) Of course its also an option to place them in the users home directory. Kind regards Point taken. Let me ask this, is there any real value in either -q or -v -v opening a log file at all? Does it serve any useful purpose since it is so easy to redirect stderr from the command line. Perhaps the simple solution is just to remove these features from vobcopy? Bad idea, especially with -q. Vobcopy let's you redirect the output to stdout, in order to pipe it to e.g. mplayer or bbtools. It would be kind of bad if the progress bar also ended up in mplayer, don't you think :) And -v -v is there for the convenience of the bug-reporter. I got emails from people that simply said your program told me to send you this, here you go. I doubt that they could have redirected stdout or err... Robos ... what do you think? Loosing those options is not possible IMHO. Cheers Robos Steve -- Robos - gpg --recv-keys --keyserver blackhole.pca.dfn.de 6EEADA09 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#448319: vobcopy: CVE-2007-5718 insecure temporary file handling
Robos([EMAIL PROTECTED])@2007-12-08 23:02: I'm working on it. Time is short though so it might take another week. Maybe I should upload 1.0.2, at least to get it into the debian system. I want to get the bugs closed in their system! I think about moving the place of the logfiles to the home of the calling user, are there any objections agains this? Cant the log files just be placed in the current working directory? Either way, it sounds good. Steve -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#448319: vobcopy: CVE-2007-5718 insecure temporary file handling
Hi Stephen, * Stephen Birch [EMAIL PROTECTED] [2007-12-09 21:13]: Robos([EMAIL PROTECTED])@2007-12-08 23:02: [...] I think about moving the place of the logfiles to the home of the calling user, are there any objections agains this? Cant the log files just be placed in the current working directory? Either way, it sounds good. That would be the same problem if you call vobcopy in a world-writable directory. Checking if the file already exists and creating a unique name using mkstemp or opening the file with O_EXCL should be enough. Of course its also an option to place them in the users home directory. Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. pgpVCmKg198po.pgp Description: PGP signature
Bug#448319: vobcopy: CVE-2007-5718 insecure temporary file handling
Nico Golde([EMAIL PROTECTED])@2007-12-09 21:18: Cant the log files just be placed in the current working directory? Either way, it sounds good. That would be the same problem if you call vobcopy in a world-writable directory. Checking if the file already exists and creating a unique name using mkstemp or opening the file with O_EXCL should be enough. Of course its also an option to place them in the users home directory. Kind regards Point taken. Let me ask this, is there any real value in either -q or -v -v opening a log file at all? Does it serve any useful purpose since it is so easy to redirect stderr from the command line. Perhaps the simple solution is just to remove these features from vobcopy? Robos ... what do you think? Steve -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#448319: vobcopy: CVE-2007-5718 insecure temporary file handling
Hi Stephen, * Stephen Birch [EMAIL PROTECTED] [2007-12-09 22:09]: Nico Golde([EMAIL PROTECTED])@2007-12-09 21:18: Cant the log files just be placed in the current working directory? Either way, it sounds good. [...] Point taken. Let me ask this, is there any real value in either -q or -v -v opening a log file at all? Does it serve any useful purpose since it is so easy to redirect stderr from the command line. Perhaps the simple solution is just to remove these features from vobcopy? This does not seem like an option to me too because vobcopy is using stderr and stdout, I doubt the average user can redirect those streams in the shell. Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. pgpXstMmBYVlF.pgp Description: PGP signature
Bug#448319: vobcopy: CVE-2007-5718 insecure temporary file handling
Nico Golde([EMAIL PROTECTED])@2007-12-10 00:03: This does not seem like an option to me too because vobcopy is using stderr and stdout, I doubt the average user can redirect those streams in the shell. hmmm .. its not difficult to redirect (1filea 2fileb) or to combine (21). But would the *average* user be collecting this information in the first place? Another option would be to send error data to stdout instead of stderr. Does a two output stream (stdout/stderr) have any use with vobcopy? Warm regards, Steve -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#448319: vobcopy: CVE-2007-5718 insecure temporary file handling
Hi Steffen, * Steffen Joeris [EMAIL PROTECTED] [2007-12-07 19:29]: Any update on this? Nope. I had not yet the time to look into a prospective patch. A quick look at the source revealed that the code is pretty bad and it would be some work to integrate this in a clean way. I contacted the upstream author a while ago and it seemed like he fails to see that this is a security bug, so I guess we have to really write a patch on our own. Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. pgpz0PVkfc8DW.pgp Description: PGP signature
Bug#448319: vobcopy: CVE-2007-5718 insecure temporary file handling
On Fri, 07.12.07, Steffen Joeris [EMAIL PROTECTED] wrote: Hi Hi Any update on this? I'm working on it. Time is short though so it might take another week. I think about moving the place of the logfiles to the home of the calling user, are there any objections agains this? Cheers Robos Cheers Steffen -- Robos - gpg --recv-keys --keyserver blackhole.pca.dfn.de 6EEADA09 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#448319: vobcopy: CVE-2007-5718 insecure temporary file handling
Hi Any update on this? Cheers Steffen signature.asc Description: This is a digitally signed message part.