Bug 42210 - ispell uses mktemp/fopen for tempfiles.
Summary: ispell uses mktemp/fopen for tempfiles.
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: ispell   
(Show other bugs)
Version: 6.2
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Trond Eivind Glomsrxd
QA Contact:
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-05-24 20:18 UTC by Jarno Huuskonen
Modified: 2008-05-01 15:38 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-05-30 18:45:11 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Patch for ispell to use mkstemp/fdopen (1.01 KB, patch)
2001-05-24 20:19 UTC, Jarno Huuskonen 		no flags Details | Diff
Suggested patch for ispell to use mkstemp and convert some gets... (1.27 KB, patch)
2001-05-30 16:49 UTC, Trond Eivind Glomsrxd 		no flags Details | Diff
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2001:074 normal SHIPPED_LIVE : Updated ispell packages available for Red Hat Linux 5.2 and 6.2 2001-05-30 04:00:00 UTC

Description Jarno Huuskonen 2001-05-24 20:18:01 UTC 
Description of Problem:
Ispell uses mktemp/fopen for creating a temporary file. Because fopen
doesn't use O_EXCL this has a temp race.
(Also I noticed (w/strace) that ispell tries to unlink the tempfile twice)

Expected Results:
ispell should use mkstemp/fdopen to prevent the temp race.
(Also it might be a good idea to use TMPDIR (if available) instead of
/tmp).
Comment 1 Jarno Huuskonen 2001-05-24 20:19:37 UTC 
Created attachment 19530 [details]
Patch for ispell to use mkstemp/fdopen
Comment 2 Trond Eivind Glomsrxd 2001-05-25 18:30:50 UTC 
ispell 3.1.20-25.52 and 3.1.20-26 has this fix included...
Comment 3 Jarno Huuskonen 2001-05-25 19:09:06 UTC 
sq.c and unsq.c use gets. OpenBSD has a patch for these (gets->fgets):
http://www.openbsd.org/cgi-bin/cvsweb/ports/textproc/ispell/patches/

(They have also a patch for the mktemp that's a little shorter than the one I
posted)
Comment 4 Trond Eivind Glomsrxd 2001-05-29 20:46:02 UTC 
I think I'll let the gets stay... is there any risk for doing anything but
crashing your own, nonsuid app?
Comment 5 Jarno Huuskonen 2001-05-30 04:57:55 UTC 
Ispell bugs might matter when it's called from IMP-webmail for example. I
haven't checked if the gets are in ispell or in the helper applications (or if
they can be exploited at all) probably not a big deal.
Comment 6 Trond Eivind Glomsrxd 2001-05-30 16:48:27 UTC 
Can you take a look at the attached patch? It's a mix of three of OpenBSD's patches
Comment 7 Trond Eivind Glomsrxd 2001-05-30 16:49:21 UTC 
Created attachment 19971 [details]
Suggested patch for ispell to use mkstemp and convert some gets...
Comment 8 Jarno Huuskonen 2001-05-30 17:25:53 UTC 
The patch looks good to me.
Comment 9 Trond Eivind Glomsrxd 2001-05-30 18:45:07 UTC 
Preparing errata with the above patch...
Comment 10 Trond Eivind Glomsrxd 2001-06-06 15:01:59 UTC 
The errata was released yesterday... thanks for your input.
Note You need to log in before you can comment on or make changes to this bug.