Bug 958088

Summary: gnome-color-manager: predictable file names in /tmp
Product: Fedora
Component: gnome-color-manager
Version: rawhide
Reporter: Florian Weimer <fweimer>
Assignee: Richard Hughes <rhughes>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: rhughes
Status: CLOSED NOTABUG
Severity: unspecified
Priority: unspecified
Hardware: Unspecified
OS: Unspecified
Type: Bug
Doc Type: Bug Fix
Last Closed: 2013-07-30 08:40:28 UTC
Bug Blocks: 958080

Description Florian Weimer 2013-04-30 11:18:04 UTC
gnome-color-manager uses predictable file names in /tmp in a few places.

The first instance is in gcm-hull-widget.c, function gcm_hull_widget_add().

Other instances are in gcm-calibrate.c, via working_path (which is initialized to /tmp).

I believe that this is not a security issue because of the way glib creates these files (no symlink/hard link attacks are possible), but if the file remains in /tmp for some reason, other users cannot use this functionality.

Comment 1 Richard Hughes 2013-07-30 08:40:28 UTC
(In reply to Florian Weimer from comment #0)
> gnome-color-manager uses predictable file names in /tmp in a few places.

First, thanks for the security review.

> The first instance is in gcm-hull-widget.c, function gcm_hull_widget_add().

This is a valid upstream bug, but we don't actually use this code in RHEL as we don't have libmash, and hence don't use any of the *Hull* code at all. For upstream, I've committed this:

commit 42ae05a8914f8f1adc52e5296b281f0bc5080718
Author: Richard Hughes <richard>
Date:   Tue Jul 30 09:36:53 2013 +0100

    Do not use a predictable name when saving the PLY temp file
    
    Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=958088

> Other instances are in gcm-calibrate.c, via working_path (which is
> initialized to /tmp).

Again, we don't use gcm-calibrate*.* in RHEL, as we don't have argyllcms. I'm working upstream to move this functionality down to colord, so in the next branch this file will probably not exist. Argyllcms creates its own temp files with unique names in Fedora, so I think this is fine for now.

> but if the file
> remains in /tmp for some reason, other users cannot use this functionality.

Agreed. I'll mark this NOTABUG from a RHEL7 point of view, but push that PLY fix into F19 and rawhide. Thanks.