42210 – ispell uses mktemp/fopen for tempfiles.

Bug 42210 - ispell uses mktemp/fopen for tempfiles.

Summary: ispell uses mktemp/fopen for tempfiles.

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	ispell
Sub Component:
Version:	6.2
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Trond Eivind Glomsrxd
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2001-05-24 20:18 UTC by Jarno Huuskonen
Modified:	2008-05-01 15:38 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2001-05-30 18:45:11 UTC
Embargoed:

Attachments	(Terms of Use)
Patch for ispell to use mkstemp/fdopen (1.01 KB, patch) 2001-05-24 20:19 UTC, Jarno Huuskonen	no flags	Details \| Diff
Suggested patch for ispell to use mkstemp and convert some gets... (1.27 KB, patch) 2001-05-30 16:49 UTC, Trond Eivind Glomsrxd	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2001:074	0	normal	SHIPPED_LIVE	: Updated ispell packages available for Red Hat Linux 5.2 and 6.2	2001-05-30 04:00:00 UTC

Description Jarno Huuskonen 2001-05-24 20:18:01 UTC

Description of Problem:
Ispell uses mktemp/fopen for creating a temporary file. Because fopen
doesn't use O_EXCL this has a temp race.
(Also I noticed (w/strace) that ispell tries to unlink the tempfile twice)

Expected Results:
ispell should use mkstemp/fdopen to prevent the temp race.
(Also it might be a good idea to use TMPDIR (if available) instead of
/tmp).

Comment 1 Jarno Huuskonen 2001-05-24 20:19:37 UTC

Created attachment 19530 [details]
Patch for ispell to use mkstemp/fdopen

Comment 2 Trond Eivind Glomsrxd 2001-05-25 18:30:50 UTC

ispell 3.1.20-25.52 and 3.1.20-26 has this fix included...

Comment 3 Jarno Huuskonen 2001-05-25 19:09:06 UTC

sq.c and unsq.c use gets. OpenBSD has a patch for these (gets->fgets):
http://www.openbsd.org/cgi-bin/cvsweb/ports/textproc/ispell/patches/

(They have also a patch for the mktemp that's a little shorter than the one I
posted)

Comment 4 Trond Eivind Glomsrxd 2001-05-29 20:46:02 UTC

I think I'll let the gets stay... is there any risk for doing anything but
crashing your own, nonsuid app?

Comment 5 Jarno Huuskonen 2001-05-30 04:57:55 UTC

Ispell bugs might matter when it's called from IMP-webmail for example. I
haven't checked if the gets are in ispell or in the helper applications (or if
they can be exploited at all) probably not a big deal.

Comment 6 Trond Eivind Glomsrxd 2001-05-30 16:48:27 UTC

Can you take a look at the attached patch? It's a mix of three of OpenBSD's patches

Comment 7 Trond Eivind Glomsrxd 2001-05-30 16:49:21 UTC

Created attachment 19971 [details]
Suggested patch for ispell to use mkstemp and convert some gets...

Comment 8 Jarno Huuskonen 2001-05-30 17:25:53 UTC

The patch looks good to me.

Comment 9 Trond Eivind Glomsrxd 2001-05-30 18:45:07 UTC

Preparing errata with the above patch...

Comment 10 Trond Eivind Glomsrxd 2001-06-06 15:01:59 UTC

The errata was released yesterday... thanks for your input.

Note You need to log in before you can comment on or make changes to this bug.