Debian Bug report logs - #244709
ipmenu creates an unsecure temporary file.


Package: ipmenu; Maintainer for ipmenu is (unknown);

Reported by: Akira YOSHIYAMA <yosshy@debian.or.jp>

Date: Mon, 19 Apr 2004 17:18:03 UTC

Severity: grave

Tags: patch, security

Found in version 0.0.3-4

Fixed in version ipmenu/0.0.3-5

Done: bao@debian.org (Bao C. Ha)

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, bao@debian.org (Bao C. Ha):
Bug#244709; Package ipmenu. Full text and rfc822 format available.

Acknowledgement sent to Akira YOSHIYAMA <yosshy@debian.or.jp>:
New Bug report received and forwarded. Copy sent to bao@debian.org (Bao C. Ha). Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Akira YOSHIYAMA <yosshy@debian.or.jp>
To: submit@bugs.debian.org
Subject: ipmenu creates an unsecure temporary file.
Date: Tue, 20 Apr 2004 02:10:13 +0900
Package: ipmenu
Version: 0.0.3-4

ipmenu creates a temporary file named "/tmp/ipmenu.log". It's defined in
/usr/sbin/ipmenu like below:
---
#!/bin/sh
# $Id: ipmenu,v 1.10 2001/02/10 21:17:00 stes Exp $

IPLOG=${IPLOG-/tmp/ipmenu.log}
export IPLOG

(snip)
---
Temporary files, especially those created by root, should be unexpectedly named
for security. In a shell script, /bin/tempfile command is useful for
naming. For example,
---
#!/bin/sh
# $Id: ipmenu,v 1.10 2001/02/10 21:17:00 stes Exp $

test -z "$IPLOG" && IPLOG=$(/bin/tempfile -p ipmenu -s .log)
export IPLOG

IPMENU=${IPMENU-/usr/lib/ipmenu}
export IPMENU
---



Tags added: security Request was from Matt Zimmerman <mdz@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Severity set to `grave'. Request was from Matt Zimmerman <mdz@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, bao@debian.org (Bao C. Ha):
Bug#244709; Package ipmenu. Full text and rfc822 format available.

Acknowledgement sent to Javier Fernández-Sanguino Peña <jfs@computer.org>:
Extra info received and forwarded to list. Copy sent to bao@debian.org (Bao C. Ha). Full text and rfc822 format available.

Message #14 received at 244709@bugs.debian.org (full text, mbox):

From: Javier Fernández-Sanguino Peña <jfs@computer.org>
To: 244709@bugs.debian.org
Cc: control@bugs.debian.org
Subject: The bug request includes a patch
Date: Thu, 13 May 2004 16:56:44 +0200
[Message part 1 (text/plain, inline)]
tag 244709 patch
thanks

The bug submission includes a patch to fix the way /usr/sbin/ipmenu handles 
temporary files. Although notice that it's probably best to do:

------------------------------------------------
IPLOG=$(/bin/tempfile -p ipmenu -s .log)
if [ $? -ne 0 -o ! -f "$IPLOG" ] ; then
        echo "ERROR: Could not create temporary file $IPLOG"
        exit 1
fi
export IPLOG
------------------------------------------------

This patch avoids trusting the environment (it might be polluted) and 
checks whether the file was created correctly or not.

Regards

Javier
[signature.asc (application/pgp-signature, inline)]
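
The handling suggested in the message above, as an added example that is not part of the original report or of the ipmenu package: it uses mktemp(1) in place of /bin/tempfile, ignores any inherited IPLOG, and verifies that the created file is a regular file owned by the caller with mode 0600. The function names make_iplog, check_iplog and setup_iplog are hypothetical.

```sh
#!/bin/sh
# Added example (not ipmenu's code). Helper names are hypothetical.

# check_iplog PATH: succeed only if PATH is a regular file (not a symlink),
# owned by the current user, with permissions exactly rw-------.
check_iplog() {
    f=$1
    if [ -L "$f" ] || [ ! -f "$f" ]; then return 1; fi
    set -- $(ls -ldn -- "$f")      # $1 = mode string, $3 = numeric owner uid
    [ "$3" = "$(id -u)" ] || return 1
    case $1 in
        -rw-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# make_iplog [DIR]: create an unpredictably named log file in DIR
# (default /tmp) and print its path. The umask change stays inside
# the command substitution, so the caller's umask is untouched.
make_iplog() {
    path=$(umask 077; mktemp "${1:-/tmp}/ipmenu.XXXXXXXXXX") || return 1
    if ! check_iplog "$path"; then
        rm -f -- "$path"
        return 1
    fi
    printf '%s\n' "$path"
}

# setup_iplog [DIR]: discard any IPLOG inherited from the environment,
# create a fresh file, and export the new path for child scripts.
setup_iplog() {
    unset IPLOG
    IPLOG=$(make_iplog "${1:-/tmp}") || {
        echo "ERROR: could not create temporary log file" >&2
        return 1
    }
    export IPLOG
}
```

A calling script would run `setup_iplog || exit 1` once at startup and remove "$IPLOG" in an exit trap.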

Tags added: patch Request was from Javier Fernández-Sanguino Peña <jfs@computer.org> to control@bugs.debian.org. Full text and rfc822 format available.

Reply sent to bao@debian.org (Bao C. Ha):
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Akira YOSHIYAMA <yosshy@debian.or.jp>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #21 received at 244709-close@bugs.debian.org (full text, mbox):

From: bao@debian.org (Bao C. Ha)
To: 244709-close@bugs.debian.org
Subject: Bug#244709: fixed in ipmenu 0.0.3-5
Date: Sun, 23 May 2004 01:32:07 -0400
Source: ipmenu
Source-Version: 0.0.3-5

We believe that the bug you reported is fixed in the latest version of
ipmenu, which is due to be installed in the Debian FTP archive:

ipmenu_0.0.3-5.diff.gz
  to pool/main/i/ipmenu/ipmenu_0.0.3-5.diff.gz
ipmenu_0.0.3-5.dsc
  to pool/main/i/ipmenu/ipmenu_0.0.3-5.dsc
ipmenu_0.0.3-5_i386.deb
  to pool/main/i/ipmenu/ipmenu_0.0.3-5_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 244709@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bao C. Ha <bao@debian.org> (supplier of updated ipmenu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 22 May 2004 18:51:33 -0800
Source: ipmenu
Binary: ipmenu
Architecture: source i386
Version: 0.0.3-5
Distribution: unstable
Urgency: low
Maintainer: Bao C. Ha <bao@debian.org>
Changed-By: Bao C. Ha <bao@debian.org>
Description: 
 ipmenu     - A cursel iptables/iproute2 GUI
Closes: 184298 244709
Changes: 
 ipmenu (0.0.3-5) unstable; urgency=low
 .
   * Change to Standards-Version 3.6.1
   * Change the IPLOG file to read/write only to the owner, since it is
     sometimes used by sys admins to learn new rules. (closes: #244709).
   * Fix Menu.filter! It no longer segfaults when hitting Filter/Delete
     multiple times. (closes: #184298).
Files: 
 4ca35ecd7800f42b62d7dfc82f513e1e 590 net extra ipmenu_0.0.3-5.dsc
 8cd1b367fc645590d874488ad2ca963c 2406 net extra ipmenu_0.0.3-5.diff.gz
 f00651ab4b03812014d50c95680125bc 23106 net extra ipmenu_0.0.3-5_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAkCwQbAACgkQn2x5CO2VaziSxACdHJEQ9bYABroJLKibUbtiyJfD
DTEAn2W//1xFMAi9/NI5nVGHmzWSv2dM
=yQiu
-----END PGP SIGNATURE-----






Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 13:03:45 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.