Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1734

Summary: savetextmode/textmode should not use /tmp
Product: [Retired] Red Hat Linux Reporter: Aleksey Nogin <aleksey>
Component: svgalibAssignee: Preston Brown <pbrown>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 5.2Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 1999-03-31 20:24:10 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Aleksey Nogin 1999-03-24 08:35:21 UTC 
In svgalib-1.3.0-3 (RH 5.2 updates) utilities
/usr/bin/savetextmode and /usr/bin/textmode use
/tmp/textregs and /tmp/fontdata . This is bad for two
reasons:

1) tmpwatch would remove those files after 10 days. If the
system is screwed up after that, you are no longer able to
use textmode to recover

2) If some malicious local user created some bogus
/tmp/textregs and /tmp/fontdata after tmpwatch have removed
the ones that were generated by savetextmode and
administrator would run textmode, something bad may happen.
Comment 1 Mike Maher 1999-03-24 21:25:59 UTC 
1) The files will still be kept in /tmp in lieu of having another
place to put them.  It seems that /tmp is the most likely place.

2) this has been fixed.



------- Additional Comments From   03/24/99 17:29 -------
1) After reading FSSTND 1.2 I've got an impression that the most
appropriate place for those files would be something like
/var/lib/svga
Comment 2 Preston Brown 1999-03-31 20:24:59 UTC 
agreed.  This has been changed as of svgalib-1.3.1-4 so that the
temporary files reside in /var/lib/svgalib.