First Last Prev Next    This bug is not in your last search results.
Bug 42210 - ispell uses mktemp/fopen for tempfiles.
ispell uses mktemp/fopen for tempfiles.
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: ispell (Show other bugs)
6.2
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Trond Eivind Glomsrxd
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-05-24 16:18 EDT by Jarno Huuskonen
Modified: 2008-05-01 11:38 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-05-30 14:45:11 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Patch for ispell to use mkstemp/fdopen (1.01 KB, patch)
2001-05-24 16:19 EDT, Jarno Huuskonen 		no flags Details | Diff
Suggested patch for ispell to use mkstemp and convert some gets... (1.27 KB, patch)
2001-05-30 12:49 EDT, Trond Eivind Glomsrxd 		no flags Details | Diff
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Jarno Huuskonen 2001-05-24 16:18:01 EDT 
Description of Problem:
Ispell uses mktemp/fopen for creating a temporary file. Because fopen
doesn't use O_EXCL this has a temp race.
(Also I noticed (w/strace) that ispell tries to unlink the tempfile twice)

Expected Results:
ispell should use mkstemp/fdopen to prevent the temp race.
(Also it might be a good idea to use TMPDIR (if available) instead of
/tmp).
Comment 1 Jarno Huuskonen 2001-05-24 16:19:37 EDT 
Created attachment 19530 [details]
Patch for ispell to use mkstemp/fdopen
Comment 2 Trond Eivind Glomsrxd 2001-05-25 14:30:50 EDT 
ispell 3.1.20-25.52 and 3.1.20-26 has this fix included...
Comment 3 Jarno Huuskonen 2001-05-25 15:09:06 EDT 
sq.c and unsq.c use gets. OpenBSD has a patch for these (gets->fgets):
http://www.openbsd.org/cgi-bin/cvsweb/ports/textproc/ispell/patches/

(They have also a patch for the mktemp that's a little shorter than the one I
posted)
Comment 4 Trond Eivind Glomsrxd 2001-05-29 16:46:02 EDT 
I think I'll let the gets stay... is there any risk for doing anything but
crashing your own, nonsuid app?
Comment 5 Jarno Huuskonen 2001-05-30 00:57:55 EDT 
Ispell bugs might matter when it's called from IMP-webmail for example. I
haven't checked if the gets are in ispell or in the helper applications (or if
they can be exploited at all) probably not a big deal.
Comment 6 Trond Eivind Glomsrxd 2001-05-30 12:48:27 EDT 
Can you take a look at the attached patch? It's a mix of three of OpenBSD's patches
Comment 7 Trond Eivind Glomsrxd 2001-05-30 12:49:21 EDT 
Created attachment 19971 [details]
Suggested patch for ispell to use mkstemp and convert some gets...
Comment 8 Jarno Huuskonen 2001-05-30 13:25:53 EDT 
The patch looks good to me.
Comment 9 Trond Eivind Glomsrxd 2001-05-30 14:45:07 EDT 
Preparing errata with the above patch...
Comment 10 Trond Eivind Glomsrxd 2001-06-06 11:01:59 EDT 
The errata was released yesterday... thanks for your input.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.