Bug 116443 - Insecure tmpfile creation
Summary: Insecure tmpfile creation
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Raw Hide
Classification: Retired
Component: htdig
Version: 1.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Phil Knirsch
QA Contact: David Lawrence
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks: FC2Target
TreeView+ depends on / blocked
 
Reported: 2004-02-21 02:50 UTC by Enrico Scholz
Modified: 2015-03-05 01:13 UTC (History)
1 user (show)

(edit)
Clone Of:
(edit)
Last Closed: 2004-02-26 15:01:41 UTC


Attachments (Terms of Use)

Description Enrico Scholz 2004-02-21 02:50:25 UTC
Description of problem:

| $ cat /usr/bin/HtFileType
| ...
| tmpfile=/tmp/`basename $0`.$$


Version-Release number of selected component (if applicable):

htdig-3.2.0b5-4

Comment 2 Phil Knirsch 2004-02-23 16:29:59 UTC
Urgs. OK. Fix should be easy using mktemp. Should be fixed in next
release, too.

Read ya, Phil

Comment 3 Phil Knirsch 2004-02-26 15:01:41 UTC
Fixed in htdig-3.2.0b5-6 and later.

Read ya, Phil


Note You need to log in before you can comment on or make changes to this bug.