+++ This bug was initially created as a clone of Bug #236585 +++ Description of problem: lha doesn't open temporary files exclusively, which makes it possible for an attacker to conduct a time-dependent attack by creating the file in advance. Version-Release number of selected component (if applicable): Affects: RHEL2.1 Affects: RHEL3 Affects: RHEL4 Affects: FC5 How reproducible: Time-dependent race. Additional info: The patch also incorporates some trailing-NUL things from SUSE's security review patch. I do not know why weren't they unlike some other fixes from that patch integrated in our packages. It might be possible that they are not needed. The patch is basically a polished diff between SUSE and FC-5 lha. -- Additional comment from lkundrak on 2007-04-16 12:20 EST -- Created an attachment (id=152702) Patch for lha /tmp race & others, applies to FC5
Created attachment 156216 [details] New patch One of the patches already present in FC-5 lha replaces mktemp call with mkstemp which should solve the problem. The patch proposed above won't work with the one already applied. Here is the fixed version that should solve the issue without conflicting with previous patches.