Bug 79682
| Summary: | xpdf - unsafe temporary files | ||
|---|---|---|---|
| Product: | [Retired] Red Hat Raw Hide | Reporter: | Michal Jaegermann <michal> |
| Component: | xpdf | Assignee: | Than Ngo <than> |
| Status: | CLOSED RAWHIDE | QA Contact: | Mike McLean <mikem> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 1.0 | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2003-03-31 15:15:10 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
it's fixed in 2.02-2 or newer. |
Description of problem: During compilation of xpdf gcc comes twice with warnings: gfile.o(.text+0x4d9): the use of `tmpnam' is dangerous, better use `mkstemp' The problem is really that code from goo/gfile.cc //---------- Unix ---------- char *s; int fd; if (ext) { #if HAVE_MKSTEMPS /* .... */ #else if (!(s = tmpnam(NULL))) { return gFalse; } *name = new GString(s); (*name)->append(ext); fd = open((*name)->getCString(), O_WRONLY | O_CREAT | O_EXCL, 0600); #endif } else { ..... AFAIK this branch is not even really used in the current version of xpdf but the problem is a need for 'ext' which is not supported by 'mkstemp()'. True, O_EXCL flag is used to 'open()' but this will not help really if a directory where this is happening will be mounted, say, via NFS. Likely a remote possibility of an attack but it exists. A simple way to close the bug for now would be to comment out the whole branch. In general, in an absence of mkstemps(), mkdtemp() likely should be used to create a temporary subdirectory where files with desired extenstions can be safely opened and the whole directory should be removed on exit. Version-Release number of selected component (if applicable): xpdf-2.01-2 but the same code is actually in earlier versions as well.