/tmp/ conserns
Waldo Bastian
bastian at kde.org
Sun Nov 17 14:05:37 GMT 2002
On Friday 15 November 2002 11:35, you wrote:
> kdemultimedia/kscd/libwm/plat_linux.c:307
> Looks bad ?
Does not seem to be used at all. Added O_NOFOLLOW anyway.
> kdenetwork/lanbrowsing/kcmlisa/kcmlisa.cpp:260
> Looks bad, although harder ?
Might be exploitable since the filename is somewhat predictable.
(both pid and time can be known to an attack script)
Patch send to kde-core-devel.
> kdemultimedia/arts/toosl/environmentview.cpp
> Looks bad ? (Don't know if it used though)
Yup, that's bad. Send a patch to kde-core-devel that replaces
/tmp/default.arts-env with ~/default.arts-env
> kdenetwork/kmailcvt/oe4_2mbox.cpp
> Looks bad ?
Yup. Patch send to kde_core-devel and kmail at kde.org to use KTempFile. Couldn't
test it unfortunately.
> kbabel. Looks safe too
It doesn't actually seem to use "/tmp/kbabel_msgfmt.po" in current CVS, but
kapp->tempSaveName("/tmp/kbabel_msgfmt.po") which should become
something like ~/autosave/#tmp#kbabel_msgfmt.po
kapp->tempSaveName seems to fall back to /tmp though if it can't create
~/autosave. That doesn't sound too smart.
> This should be safe I beleive
> ===========================
> bool LXFree40Probe::probeConfig( GraphicsCard &card, Monitor &monitor )
> {
> kdDebug() << "LXFree40Probe::probeConfig()" << endl;
>
> bool parseok = false;
>
> QCString tmpPath;
> tmpPath.sprintf( "/tmp/kxconfig.%i", getpid() );
> if ( mkdir( tmpPath, 0700 ) != 0 )
> {
> perror( "cannot create temporary directory " + tmpPath );
>
> ::exit(1);
>
> }
This is safe.
Cheers,
Waldo
More information about the kde-core-devel
mailing list