Bug 67351 - Xfig creates temporary files insecurely
Summary: Xfig creates temporary files insecurely
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: xfig   
(Show other bugs)
Version: 6.2
Hardware: All Linux
medium
medium
Target Milestone: ---
Assignee: Ngo Than
QA Contact:
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2002-06-23 08:56 UTC by Jarno Huuskonen
Modified: 2008-05-01 15:38 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-06-23 08:56:18 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Jarno Huuskonen 2002-06-23 08:56:13 UTC
Description of Problem:
Xfig (tested both 3.2.3_beta1 and 3.2.3d) creates temporary files with
code like this:
    sprintf(tmpfile, "%s/%s%06d", TMPDIR, "xfig-eps", getpid());
    if ((tmpfp = fopen(tmpfile, "wb")) == NULL) {
(TMPDIR is either $XFIGTMPDIR or /tmp)
So the tempfile name is easy to guess and xfig doesn't use O_EXCL when opening
it.

Version-Release number of selected component (if applicable):
3.2.3_beta1-2

Additional Information:
I started working on a patch, but I don't have the time test it enough (it makes
xfig use mkstemp, so parts of xfig where code create tempfiles with certain
suffix: eg. xfig-pid.pic, the patch loses the suffix ...)
http://www.uku.fi/~jhuuskon/xfig-3.2.3d-mkstemp.diff

Comment 1 Ngo Than 2002-06-25 16:27:50 UTC
already added your patch file into next release. thanks


Note You need to log in before you can comment on or make changes to this bug.