Bug 669965 - unsafe use of /tmp
Summary: unsafe use of /tmp
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: fail2ban
Version: 14
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Axel Thimm
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 700769 (view as bug list)
Depends On:
Blocks: 669966
TreeView+ depends on / blocked
 
Reported: 2011-01-16 09:46 UTC by Phil Anderson
Modified: 2011-04-30 13:32 UTC (History)
3 users (show)

Fixed In Version: fail2ban-0.8.4-27.fc14
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-04-18 04:03:07 UTC
Type: ---


Attachments (Terms of Use)

Description Phil Anderson 2011-01-16 09:46:04 UTC
fail2ban insecurely uses predictable tmp files for the following actions:
dshield
mail-buffered
sendmail-buffered
mynetwatchman

While mktemp in /tmp could work for some, others are are persistent (i.e. dshield), so need a predictable path like /var/lib/fail2ban.

Note that SELinux currently allow fail2ban to work with files in /tmp.  I'll create another bug with this blocking, as the solution for this should be decided before updating the policy.

FYI, why predictable tmp files are :
http://www.linuxsecurity.com/content/view/115462/151/

Comment 1 Fedora Update System 2011-04-09 19:07:04 UTC
fail2ban-0.8.4-27.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/fail2ban-0.8.4-27.fc14

Comment 2 Fedora Update System 2011-04-09 19:07:39 UTC
fail2ban-0.8.4-27.fc13 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/fail2ban-0.8.4-27.fc13

Comment 3 Fedora Update System 2011-04-09 19:08:12 UTC
fail2ban-0.8.4-27.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/fail2ban-0.8.4-27.fc15

Comment 4 Fedora Update System 2011-04-10 01:43:55 UTC
Package fail2ban-0.8.4-27.fc15:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing fail2ban-0.8.4-27.fc15'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/fail2ban-0.8.4-27.fc15
then log in and leave karma (feedback).

Comment 5 Fedora Update System 2011-04-18 04:02:36 UTC
fail2ban-0.8.4-27.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2011-04-25 20:50:20 UTC
fail2ban-0.8.4-27.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2011-04-25 20:55:03 UTC
fail2ban-0.8.4-27.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Axel Thimm 2011-04-30 13:32:14 UTC
*** Bug 700769 has been marked as a duplicate of this bug. ***

Comment 9 Axel Thimm 2011-04-30 13:32:29 UTC
*** Bug 700763 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.