Bug#485752: dogtail: [DoS] use of /tmp/dogtail prevents use by multiple users
Howdy Jose, The ‘python-dogtail’ package has a reported bug, #485752, that was reported 2008-06-11. The report is severity “serious”, and it has had a patch since 2008-09-25. Have you managed to review this bug report and the patch? If so, it would be very helpful if you could send a message to this bug report with your response. More generally, the package is currently removed from ‘testing’ and without an active maintainer it will likely not continue in Debian. Are you still in a position to have ongoing time and opportunity to maintain the ‘python-dogtail’ package? -- \ “Every valuable human being must be a radical and a rebel, for | `\ what he must aim at is to make things better than they are.” | _o__) —Niels Bohr | Ben Finney b...@benfinney.id.au signature.asc Description: Digital signature
Bug#485752: dogtail: [DoS] use of /tmp/dogtail prevents use by multiple users
On Wed, Jun 11, 2008 at 10:18:29AM +0200, Yann Dirson (Debian) wrote:
Dogtail systematically create logfiles in /tmp/dogtail/. The 1st user to
run a script using dogtail (including the sniff gui) wins, and no other
user can use dogtail any more until that dir is manually removed.
The path for logfiles and datafiles can be set using the scratchDir,
logDir and dataDir in any configuration file.
However, using a (partially predictable) default under /tmp can lead to
security issues, so here I propose a patch to change the default to:
$HOME/dogtail/
if the HOME environment variable is defined, and to
/tmp/dogtail-username/
if the HOME variable is not set.
Just my 0.02${CURRENCY}.
Ludovico
--
[EMAIL PROTECTED]#acheronte (irc.freenode.net) ICQ: 64483080
GPG ID: 07F89BB8 Jabber: [EMAIL PROTECTED] Yahoo: gardenghelle
-- This is signature nr. 4524
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#485752: dogtail: [DoS] use of /tmp/dogtail prevents use by multiple users
Ahem. *Here* is the patch. :-)
Ludovico
--
[EMAIL PROTECTED]#acheronte (irc.freenode.net) ICQ: 64483080
GPG ID: 07F89BB8 Jabber: [EMAIL PROTECTED] Yahoo: gardenghelle
-- This is signature nr. 4525
diff -ur dogtail-0.6.1/dogtail/config.py dogtail-0.6.1.new/dogtail/config.py
--- dogtail-0.6.1/dogtail/config.py 2006-09-21 19:21:28.0 +0200
+++ dogtail-0.6.1.new/dogtail/config.py 2008-09-25 21:36:44.0 +0200
@@ -13,6 +13,15 @@
def _encoding():
return locale.getpreferredencoding().lower()
+def _homeDirOrNamedTmp(baseName):
+if 'HOME' in os.environ:
+# i.e. /home/foo/dogtail
+return '/'.join((os.environ['HOME'], baseName))
+else:
+# i.e. /tmp/dogtail-foo
+return '-'.join(('/'.join(('/tmp', baseName)), os.getlogin()))
+
+
class _Config(object):
Contains configuration parameters for the dogtail run.
@@ -100,12 +109,15 @@
__scriptName = staticmethod(_scriptName)
__encoding = staticmethod(_encoding)
+__homeDirOrNamedTmp = staticmethod(_homeDirOrNamedTmp)
+
+
defaults = {
# Storage
-'scratchDir' : '/tmp/dogtail/',
-'dataDir' : '/tmp/dogtail/data/',
-'logDir' : '/tmp/dogtail/logs/',
+'scratchDir' : '/'.join((_homeDirOrNamedTmp('dogtail'), '')),
+'dataDir' : '/'.join((_homeDirOrNamedTmp('dogtail'), 'data', '')),
+'logDir' : '/'.join((_homeDirOrNamedTmp('dogtail'), 'logs', '')),
'scriptName' : _scriptName(),
'encoding' : _encoding(),
'configFile' : None,
Bug#485752: dogtail: [DoS] use of /tmp/dogtail prevents use by multiple users
Package: python-dogtail Version: 0.6.1-3 Severity: serious Dogtail systematically create logfiles in /tmp/dogtail/. The 1st user to run a script using dogtail (including the sniff gui) wins, and no other user can use dogtail any more until that dir is manually removed. from dogtail import * Creating /tmp/dogtail ... Creating /tmp/dogtail/logs ... Creating /tmp/dogtail/data ... Creating logfile at /tmp/dogtail/logs/log_20080611-101107_debug ... Detecting distribution: Debian (or derived distribution) Warning: AT-SPI's desktop is visible but it has no children. Are you running any AT-SPI-aware applications? Creating logfile at /tmp/dogtail/logs/log_20080611-101108_results ... $ ls -ld /tmp/dogtail drwxr-xr-x 4 yann yann 80 jun 11 10:11 /tmp/dogtail -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
