chm2pdf 0.9 uses temporary files in directories with fixed names, which allows local users to cause a denial of service (chm2pdf failure) of other users by creating those directories ahead of time. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501959
Let's try this again. chm2pdf in Fedora 14 is still vulnerable to this. A patch was provided in the Debian bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501959#20 I can't think of a reason not to use it.
Created chm2pdf tracking bugs for this issue Affects: fedora-all [bug 665494]
I have been able to apply the patch supplied in the bug url given by Vincent. There are two patches present there , one for insecure_temp_dir and other for bashims. I have applied the first one.
Created attachment 472423 [details] Patch that fixes the insecure temporary file issue
I have applied the patch and here is the spec file and SRPM link SPEC file: https://sites.google.com/site/lakshminaras2002/home/chm2pdf.spec?attredirects=0&d=1 SRPM link: https://sites.google.com/site/lakshminaras2002/home/chm2pdf-0.9.1-9.f13.src.rpm?attredirects=0&d=1
Vincent, Could you provide a review of the patch provided (in the attachment)? Thanks
(In reply to comment #7) > Vincent, > Could you provide a review of the patch provided (in the attachment)? The patch in the attachment looked pretty odd, so I looked at the srpm and pulled the patch you had in there. That one looks good (I've just looked, not tested). I would go ahead and submit it.
This flaw was corrected in Fedora 14: chm2pdf-0.9.1-9.fc14 (FEDORA-2011-0454) and Fedora 13: chm2pdf-0.9.1-8.fc13 (FEDORA-2011-0467)