Report forwarded to debian-bugs-dist@lists.debian.org, Stefan Hornburg (Racke) <racke@linuxia.de>: Bug#496405; Package sympa.
Acknowledgement sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
New Bug report received and forwarded. Copy sent to Stefan Hornburg (Racke) <racke@linuxia.de>.
version: 5.3.4-5.1
This bug has been fixed in 5.3.4-5.1, see bug #494969 for reference.
Regards
Racke
--
LinuXia Systems => http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP => http://www.icdevgroup.org/
Interchange Development Team
Information forwarded to debian-bugs-dist@lists.debian.org, Stefan Hornburg (Racke) <racke@linuxia.de>: Bug#496405; Package sympa.
Acknowledgement sent to Olivier Berger <olivier.berger@it-sudparis.eu>:
Extra info received and forwarded to list. Copy sent to Stefan Hornburg (Racke) <racke@linuxia.de>.
Cc: 494969@bugs.debian.org, "Dmitry E. Oboukhov" <unera@debian.org>, 496405@bugs.debian.org
Subject: Re: Bug#494969: sympa: Leftover debug code may lead to data loss
Date: Mon, 25 Aug 2008 11:59:46 +0200
On Thursday 21 August 2008 at 16:14 +0200, Thijs Kinkhorst wrote:
> When grepping the sympa source for "/tmp" I find quite some occurrences
> of other files directly in tmp with insecure filenames. It should be
> checked for each if that code is executed and whether or not they should
> be moved to Sympa's private tempdir.
>
Indeed, grepping through the contents of the binary package gives quite some
occurrences:
./usr/share/doc/sympa/examples/config/sympa.conf:tmpdir /var/spool/sympa/tmp
./usr/lib/sympa/bin/Log.pm: #open TMP, ">/tmp/logs.dump";
./usr/lib/sympa/bin/tt2.pl: open my $fh, ">/tmp/tt2/$newname";
./usr/lib/sympa/bin/tools.pl: ## first step is the msg signing OK ; /tmp/sympa-smime.$$ is created
./usr/lib/sympa/bin/tools.pl: my $temporary_file = "/tmp/smime-sender.".$$ ;
./usr/lib/sympa/bin/List.pm:# $parser->output_dir($Conf{'spool'} ."/tmp");
./usr/lib/sympa/bin/List.pm:# open TMP2, ">/tmp/digdump"; &tools::dump_var($param, 0, \*TMP2); close TMP2;
./usr/lib/sympa/bin/List.pm:# open TMP2, ">/tmp/digdump"; &tools::dump_var($param, 0, \*TMP2); close TMP2;
./usr/lib/sympa/bin/sympasoap.pm:# open TMP2, ">>/tmp/yy"; printf TMP2 "xxxxxxxxxx parameters \n"; &tools::dump_var($proxy_vs, 0, \*TMP2);printf TMP2 "--------\n"; close TMP2;
./usr/lib/sympa/bin/CAS.pm: $cas->proxyMode(pgtFile => '/tmp/pgt.txt',
./usr/lib/sympa/bin/sympa_wizard.pl:my $new_wwsympa_conf = '/tmp/wwsympa.conf';
./usr/lib/sympa/bin/sympa_wizard.pl:my $new_sympa_conf = '/tmp/sympa.conf';
./usr/lib/sympa/bin/Conf.pm: $o{'tmpdir'}[0] = "$spool/tmp";
./usr/lib/sympa/bin/Conf.pm: # open TMP, ">/tmp/dump1";&tools::dump_var(&load_generic_conf_file($config,\%trusted_applications);, 0,\*TMP);close TMP;
./usr/lib/sympa/bin/Conf.pm:#open TMP2, ">>/tmp/sss"; printf TMP2 "xxxxxxxxxxxxxxxxxxx--------structure admin\n"; &tools::dump_var(\%admin, 0, \*TMP2);printf TMP2 "xxxxxxxxxxxxxxxxxxx--------\n"; close TMP2;
./usr/lib/sympa/bin/sympa_soap_client.pl:# file => '/tmp/my_cookies' );
./usr/lib/sympa/bin/sympa_soap_client.pl: file => '/tmp/my_cookies' );
./usr/lib/sympa/bin/Family.pm: # open TMP, ">/tmp/dump1";
./usr/lib/sympa/bin/Auth.pm: # open TMP2, ">>/tmp/yy"; printf TMP2 "xxxxxxxxxxx\@ trusted_apps \n"; &tools::dump_var(\@trusted_apps, 0, \*TMP2);printf TMP2 "--------\n"; close TMP2;
./usr/lib/sympa/bin/sympa.pl: --make_alias_file : create file in /tmp with all aliases (usefull when aliases.tpl is changed)
./usr/lib/cgi-bin/sympa/wwsympa.fcgi: # open TMP, ">/tmp/dump1";
./usr/lib/cgi-bin/sympa/wwsympa.fcgi: # open TMP, ">/tmp/dump2";
./usr/lib/cgi-bin/sympa/wwsympa.fcgi: #open TMP, ">/tmp/dump1";
./usr/bin/sympa: --make_alias_file : create file in /tmp with all aliases (usefull when aliases.tpl is changed)
./usr/bin/sympa_wizard:my $new_wwsympa_conf = '/tmp/wwsympa.conf';
./usr/bin/sympa_wizard:my $new_sympa_conf = '/tmp/sympa.conf';
I think that even though the first ones reported on /usr/lib/cgi-bin/sympa/wwsympa.fcgi and /usr/lib/sympa/bin/sympa.pl are now fixed by the uploaded 5.3.4-5.1, there's some more need for analysis (checking with upstream too).
I think that opening a distinct bug would probably be better too.
Hope this helps.
--
Olivier BERGER <olivier.berger@it-sudparis.eu>
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 1024D/6B829EEC
Research Engineer - Dept INF
Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)
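The point of the thread above is the difference between a fixed, world-writable /tmp with a guessable name and Sympa's private tmpdir. The following is an added illustration, not code from Sympa or from anyone in this thread: it shows the predictable-name pattern quoted from tools.pl next to a hardened replacement that uses File::Temp inside the configured tmpdir and checks the directory's permissions first. %Conf and its 'tmpdir' value mirror the sympa.conf line in the grep output; the fallback directory and the sample content are constructed for the demonstration.

```perl
#!/usr/bin/perl
# Added example (not Sympa's own code). Assumes %Conf{'tmpdir'} is the
# private spool tempdir quoted above from sympa.conf.
use strict;
use warnings;
use File::Temp qw(tempfile tempdir);

my %Conf = (tmpdir => '/var/spool/sympa/tmp');   # value from sympa.conf example

# Vulnerable pattern (as in tools.pl): a name in the shared /tmp derived only
# from the PID. Any local user can predict it and pre-create a file or symlink
# there, so a later open(">$name") follows the link and overwrites its target
# (the "data loss" in the bug title).
sub insecure_temp_path {
    return "/tmp/smime-sender." . $$;
}

# Checks a practitioner wants on the private tempdir itself: it must exist,
# be owned by the running user, and not be group- or world-writable, or the
# same pre-creation problem simply moves to a new directory.
sub tmpdir_is_private {
    my ($dir) = @_;
    return 0 unless -d $dir;
    my @st = stat($dir) or return 0;
    return 0 unless $st[4] == $>;          # owner uid must be ours
    return 0 if $st[2] & 0022;             # no group/world write bits
    return 1;
}

# Hardened replacement: File::Temp creates the file with O_CREAT|O_EXCL and
# mode 0600 under a random name, so a pre-planted file or symlink makes the
# open fail instead of being followed.
sub secure_temp_file {
    my ($prefix, $dir) = @_;
    die "tmpdir $dir is not a private directory\n" unless tmpdir_is_private($dir);
    my ($fh, $path) = tempfile("$prefix.XXXXXXXX", DIR => $dir);
    return ($fh, $path);
}

# Constructed fallback so the example runs on a host without Sympa installed:
# a fresh 0700 directory stands in for the configured tmpdir.
my $dir = tmpdir_is_private($Conf{'tmpdir'}) ? $Conf{'tmpdir'} : tempdir(CLEANUP => 1);

my ($fh, $path) = secure_temp_file('smime-sender', $dir);
print $fh "constructed sample S/MIME sender data\n";
close $fh or die "close $path: $!";
print "insecure name would have been: ", insecure_temp_path(), "\n";
print "created instead: $path\n";
unlink $path;
```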
Forcibly Merged 494969 496405.
Request was from Olivier Berger <olivier.berger@it-sudparis.eu>
to control@bugs.debian.org.
(Mon, 25 Aug 2008 12:42:19 GMT)
Bug reopened, originator not changed.
Request was from Nico Golde <nion@debian.org>
to control@bugs.debian.org.
(Wed, 27 Aug 2008 15:27:05 GMT)
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 16 Feb 2009 07:40:53 GMT)