Bug 705100 (CVE-2011-1920)
| Summary: | CVE-2011-1920 mk-files: insecure temporary file usage | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED WONTFIX | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | jakub, jlieskov, jrusnack, kasal |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2015-08-21 23:38:29 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 705103 | ||
| Bug Blocks: | |||
*** Bug 705090 has been marked as a duplicate of this bug. ***

Created mk-files tracking bugs for this issue

Affects: fedora-all [bug 705103]

Statement:

The Red Hat Security Response Team has rated this issue as having low security impact. We do not currently plan to fix this flaw in Red Hat Enterprise Linux 4. If more information becomes available at a future date, we may revisit the issue.

This was assigned the name CVE-2011-1920.
A Debian bug report [1] noted that pmake (and mk-files in Fedora) contained the files /usr/share/mk/bsd.{lib,prog}.mk that created temporary files insecurely with predictable file names in /tmp (/tmp/_depend[PID]), ignoring any $TMPDIR values.

In lib.mk (lines 446-451):

```make
afterdepend: .depend
	@(TMP=/tmp/_depend$$$$; \
	sed -e 's/^\([^\.]*\).o[ ]*:/\1.o \1.po \1.so \1.ln:/' \
	< .depend > $$TMP; \
	mv $$TMP .depend)
.endif
```

The same is found in prog.mk (in Fedora's mk-files package).

The Debian bug report proposes to use mktemp here:

```diff
- @(TMP=/tmp/_depend$$$$; \
+ @(TMP=`mktemp -t _dependXXXXXXXXXX` || exit $$?; \
```

Upstream has already corrected this by removing the offending code [2],[3].

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626673
[2] http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.lib.mk.diff?r1=1.239&r2=1.240
[3] http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.prog.mk.diff?r1=1.192&r2=1.193
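Review bot: the `mktemp -t` replacement fixes the predictable name but leaves the rest of the recipe as it was, and that rest is the weaker part: the temporary file now lives under $TMPDIR (or /tmp), so the following `mv $$TMP .depend` becomes a copy plus unlink whenever $TMPDIR is on a different filesystem than the build directory, and the commands are still joined with `;`, so a sed that fails still lets `mv` replace .depend with a truncated file and leaves the mktemp'd file behind on failure. Creating the file next to its destination, e.g. `@(TMP=\`mktemp .depend.XXXXXXXXXX\` || exit $$?; \`, keeps the rename atomic and on the same filesystem, and joining `sed ... > $$TMP && mv $$TMP .depend` (with an `rm -f $$TMP` on the failure path) avoids clobbering a good .depend. Note also that mktemp creates the file 0600, so the rewritten .depend ends up with that mode rather than the umask-derived one the original redirect gave it.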
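As an added example, not code from the bug report, from pmake or from mk-files, the script below simulates the afterdepend recipe with its predictable /tmp/_depend<PID> name and shows the symlink attack that name permits, next to a hardened rewrite that creates the temporary file with mktemp in the build directory itself. It assumes a scratch directory standing in for both /tmp and the build tree (so nothing touches the real /tmp), a constructed one-line .depend, and an attacker who already knows the build's PID; the function names are this example's own.

```sh
#!/bin/sh
# Added example; not code from the bug report, pmake or mk-files.
# A scratch directory stands in for /tmp and for the build directory.

# The sed expression is the one quoted in the report; it rewrites
# "foo.o :" into "foo.o foo.po foo.so foo.ln:".
DEPEND_SED='s/^\([^\.]*\).o[ ]*:/\1.o \1.po \1.so \1.ln:/'

# Vulnerable form: $1 = build directory, $2 = directory standing in for /tmp.
# The name is prefix + PID, so an attacker can plant something there first;
# the ">" redirect follows an existing symlink, and ";" runs mv even if sed failed.
rewrite_depend_vulnerable() {
    ( cd "$1" || exit 1
      TMP="$2/_depend$$"
      sed -e "$DEPEND_SED" < .depend > "$TMP"
      mv "$TMP" .depend )
}

# Hardened form: mktemp creates the file with O_EXCL under an unpredictable
# name, in the build directory so the final mv is a same-filesystem rename;
# a failed sed never replaces .depend and the temporary file is cleaned up.
rewrite_depend_safe() {
    ( cd "$1" || exit 1
      TMP=$(mktemp .depend.XXXXXXXXXX) || exit 1
      if sed -e "$DEPEND_SED" < .depend > "$TMP"; then
          mv "$TMP" .depend
      else
          rm -f "$TMP"
          exit 1
      fi )
}

# Builds the scenario: a build tree with a constructed .depend, a victim file
# the attacker wants overwritten, and the attacker's symlink at the predictable
# name. In a real attack the PID would be guessed or symlinks planted for every
# plausible PID; here the script simply reuses its own $$. Prints the scratch dir.
setup_scenario() {
    scratch=$(mktemp -d "${TMPDIR:-/tmp}/mkfiles-demo.XXXXXXXXXX") || return 1
    mkdir "$scratch/build" "$scratch/tmp" || return 1
    printf 'foo.o : foo.c foo.h\n' > "$scratch/build/.depend"   # constructed input
    printf 'original contents\n' > "$scratch/victim"            # attacker's target
    ln -s "$scratch/victim" "$scratch/tmp/_depend$$"           # pre-planted symlink
    printf '%s\n' "$scratch"
}

# $1 = "vulnerable" or "safe"; $2 = "victim" or "depend" (which file to print).
# With the vulnerable recipe the redirect writes sed's output through the
# symlink into the victim file; with the safe one the victim is untouched.
run_scenario() {
    scratch=$(setup_scenario) || return 1
    if [ "$1" = vulnerable ]; then
        rewrite_depend_vulnerable "$scratch/build" "$scratch/tmp"
    else
        rewrite_depend_safe "$scratch/build" "$scratch/tmp"
    fi
    if [ "$2" = victim ]; then
        cat "$scratch/victim"
    else
        cat "$scratch/build/.depend"
    fi
    rm -rf "$scratch"
}

# Usage: run_scenario vulnerable victim   (victim file is clobbered)
#        run_scenario safe victim         (victim file unchanged)
#        run_scenario safe depend         (.depend correctly rewritten)
```

The hardened function deliberately differs from the Debian proposal of `mktemp -t`: placing the temporary file beside .depend rather than under $TMPDIR keeps `mv` an atomic rename on one filesystem, and the `if` around sed keeps a failed rewrite from replacing a good .depend with partial output.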