Bug 38393 - Insecure tmp file crashes program if more than one user plays.
Status: CLOSED RAWHIDE
Product: Red Hat Powertools
Classification: Retired
Component: Maelstrom
Version: 7.0
Hardware: i386 Linux
Priority: low Severity: medium
Assigned To: Bill Nottingham
Duplicates: 49184
Reported: 2001-04-30 10:20 EDT by Matthew Melvin
Modified: 2014-03-16 22:20 EDT
Doc Type: Bug Fix
Last Closed: 2001-04-30 13:21:58 EDT
Description Matthew Melvin 2001-04-30 10:20:54 EDT
This line in main.cpp ...

{ FILE *foo = fopen("/tmp/f", "w"); fprintf(foo, "Main program = %s\n",
argv[0]); fclose(foo); }

...works for the first user to play the game but fails for any subsequent
players.  If /tmp/f already exists from a previous player then the current
player does not (normally, depending on umask) have write access so the
fopen() call fails.  When fclose() is called with foo set to NULL the
program segfaults.

Normally an insecurely created tmp file is bad news but this one does not
appear to be used for anything. I assume this is in fact a snippet of debug
code that wasn't intended to be part of the final program.

Looking at the Maelstrom homepage the versions available for download there
do not appear to include this code.  However there are differences between
the src.rpm and tar.gz there so it is not apparent whether this is Red Hat
specific code or possibly a bug that has been fixed in the official source
without a version number increase.
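
Two safer ways to write the same debug line, as an added example that is not Maelstrom's code and not part of the original report. The function names and the /tmp/maelstrom-debug.XXXXXX template are assumptions made for illustration.

```c
/* Added example, not Maelstrom source; function names are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write the debug line to an already-open descriptor; -1 on any failure. */
static int write_line(int fd, const char *argv0)
{
    FILE *f = fdopen(fd, "w");
    if (f == NULL) {            /* the check the reported code lacked */
        close(fd);
        return -1;
    }
    int ok = fprintf(f, "Main program = %s\n", argv0) > 0;
    return (fclose(f) == 0 && ok) ? 0 : -1;
}

/* Fixed name: O_EXCL fails with EEXIST if anything already exists there. */
int log_exclusive(const char *path, const char *argv0)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    return fd < 0 ? -1 : write_line(fd, argv0);
}

/* Unique name: mkstemp() fills in XXXXXX and creates the file mode 0600. */
int log_private_tmp(char *tmpl, const char *argv0)
{
    int fd = mkstemp(tmpl);
    return fd < 0 ? -1 : write_line(fd, argv0);
}

int main(int argc, char **argv)
{
    char tmpl[] = "/tmp/maelstrom-debug.XXXXXX";   /* constructed name */
    (void)argc;
    if (log_private_tmp(tmpl, argv[0]) != 0) {
        perror("debug log");
        return 1;
    }
    /* A second writer to the same name is refused, not crashed. */
    if (log_exclusive(tmpl, argv[0]) != 0)
        printf("%s: %s\n", tmpl, strerror(errno));
    unlink(tmpl);
    return 0;
}
```
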
Comment 1 Sam Lantinga 2001-04-30 13:21:54 EDT
You're right, it was spurious debugging code.  The bug was fixed without
incrementing the version number.  http://www.devolution.com/~slouken/Maelstrom/
Comment 2 Bill Nottingham 2001-04-30 13:23:59 EDT
Fixed by upgrading to the current tarball in Maelstrom-3.0.1-13, which should
be in the next rawhide release.
Comment 3 Bill Nottingham 2001-07-16 14:41:53 EDT
*** Bug 49184 has been marked as a duplicate of this bug. ***