1238843 – rear: Insecure temporary file usage

Bug 1238843 - rear: Insecure temporary file usage

Summary: rear: Insecure temporary file usage

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	rear
Sub Component:
Version:	7.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Petr Hracek
QA Contact:	Tereza Cerna
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1221181 1239009 1245189
TreeView+	depends on / blocked

Reported:	2015-07-02 19:15 UTC by Ján Rusnačko
Modified:	2015-11-19 09:01 UTC (History)
CC List:	4 users (show)
Fixed In Version:	rear-1.17.2-1.el7
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	1239009 1245189 (view as bug list)
Environment:
Last Closed:	2015-11-19 09:01:05 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHEA-2015:2244	0	normal	SHIPPED_LIVE	new package: rear	2015-11-19 09:11:33 UTC

Description Ján Rusnačko 2015-07-02 19:15:12 UTC

Simply grepping for /tmp in source code gives a lot of hits, some of which are dangerous, e.g.:

usr/share/rear/verify/DP/default/50_select_dp_restore.sh:

test -f /tmp/dp_list_of_sessions.in && rm -f /tmp/dp_list_of_sessions.in

Would be nice if all occurences of hardcoded /tmp/.. were replaced with using mktemp.

Filed upstream https://github.com/rear/rear/issues/607

Comment 2 Gratien D'haese 2015-07-24 10:24:14 UTC

The needed changes were done and we will make an intermediate release of rear-1.17.2

Comment 3 Fedora Update System 2015-09-01 16:18:55 UTC

rear-1.17.2-1.el5 has been submitted as an update to Fedora EPEL 5. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7888

Comment 4 Fedora Update System 2015-09-01 17:07:51 UTC

rear-1.17.2-1.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7889

Comment 5 Fedora Update System 2015-09-01 17:53:28 UTC

rear-1.17.2-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7891

Comment 6 Fedora Update System 2015-09-02 03:48:12 UTC

rear-1.17.2-1.el5 has been pushed to the Fedora EPEL 5 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update rear'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7888

Comment 7 Fedora Update System 2015-09-02 08:47:25 UTC

rear-1.17.2-1.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update rear'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7889

Comment 8 Fedora Update System 2015-09-02 08:49:02 UTC

rear-1.17.2-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update rear'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7891

Comment 10 Petr Hracek 2015-09-24 09:50:36 UTC

Switching to MODIFIED so that I am able to add it to errata.

Comment 13 Fedora Update System 2015-09-27 08:54:50 UTC

rear-1.17.2-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.

Comment 14 Fedora Update System 2015-09-27 15:57:18 UTC

rear-1.17.2-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.

Comment 15 Fedora Update System 2015-09-27 18:22:12 UTC

rear-1.17.2-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.

Comment 17 errata-xmlrpc 2015-11-19 09:01:05 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2015-2244.html

Note You need to log in before you can comment on or make changes to this bug.