Re: gEDA-dev: gEDA 1.4.2 fixes
On Fri, 2008-11-21 at 23:43 +0100, Wojciech Kazubski wrote:
> > If there are any other simple, bug-fix-only, non-ABI-breaking fixes
> > people can think of for 1.4.2, please add them to the wiki, or poke me
> > and I'll do it.
>
> A few days ago a security problem was discovered in gnetlist and labelled as
> CVE-2008-5148. This is caused by sch2eaglepos.sh creating a temporary file in
> an insecure way (predictable name) and this makes it possible to overwrite
> an arbitrary file in the system (symlink attack).
I'm probably being ignorant here, but how does this work? Is the problem
that the symlink might be created by another user on the system, and use
the privileges of the person executing gnetlist to overwrite some file
which that user has permission to?
> Chitlesh Goorah from Fedora created a patch that corrects this by using mktemp
> to create temporary file. The essential part of the patch changes the lines
> 20 and 21 of sch2eaglepos.sh from:
> ...[snip]...
> TMP=/tmp/$$
> grep -B1 refdes= "$FNAME" |sed 's/=/ /' | cut -d" " -f2,3 |grep -v '^--'
> >/tmp/$$
> ...[snip]...
> to:
> ...[snip]...
> TMP=`mktemp`
> grep -B1 refdes= "$FNAME" |sed 's/=/ /' | cut -d" " -f2,3 |grep -v '^--' >
> $TMP
> ...[snip]...
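Review bot: the new line TMP=`mktemp` does not check whether mktemp succeeded, and $TMP is unquoted in the redirect that follows. If mktemp fails, TMP is empty and the pipeline has no usable output file; suggest TMP=`mktemp` || exit 1 and writing to "$TMP" in quotes, so the script stops on failure and a temporary directory path containing spaces is not split.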
>
> The patch should be applied before the next release but I don't know if mktemp is
> available in all OS-es (BSD, Windows?).
AFAIK, we can't run shell scripts on Windows anyway, so it probably
doesn't matter. According to the man-page on my box:
"The mktemp utility appeared in OpenBSD 2.1."
--
Peter Clifton
Electrical Engineering Division,
Engineering Department,
University of Cambridge,
9, JJ Thomson Avenue,
Cambridge
CB3 0FA
Tel: +44 (0)7729 980173 - (No signal in the lab!)
_______________________________________________
geda-dev mailing list
geda-dev@moria.seul.org
http://www.seul.org/cgi-bin/mailman/listinfo/geda-dev
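
An added example, not part of the original thread or of the Fedora patch: it reproduces, inside a private sandbox directory, the symlink behaviour asked about above and shows an exclusive-create fallback for systems without mktemp. The function names and the `sch2eaglepos.XXXXXX` template are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not from gEDA.

# The pre-patch pattern: a plain '>' to a predictable path. The shell opens
# it with O_CREAT|O_TRUNC, so an existing symlink is followed and its target
# is truncated with the privileges of whoever runs the script.
write_predictable() {   # $1 = path, data on stdin
    cat > "$1"
}

# Exclusive creation without mktemp: under noclobber (set -C) the shell
# refuses '>' on a path that already exists, symlinks included.
write_exclusive() {     # $1 = path, data on stdin
    ( umask 077; set -C; cat > "$1" ) 2>/dev/null
}

# Prefer mktemp (random name, exclusive create, mode 0600). The fallback
# name is still guessable, so a pre-created path makes it fail, not clobber.
make_tmpfile() {
    if command -v mktemp >/dev/null 2>&1; then
        mktemp "${TMPDIR:-/tmp}/sch2eaglepos.XXXXXX"
    else
        f="${TMPDIR:-/tmp}/sch2eaglepos.$$"
        write_exclusive "$f" </dev/null && printf '%s\n' "$f"
    fi
}

# Constructed demo in a private sandbox: "victim" stands in for a file the
# invoking user may write, "pred" for the predictable temporary name.
demo() {
    box=$(mktemp -d) || return 1
    echo original > "$box/victim"
    ln -s "$box/victim" "$box/pred"
    echo data | write_predictable "$box/pred"
    old=$(cat "$box/victim")        # link target was overwritten
    echo original > "$box/victim"
    echo data | write_exclusive "$box/pred" && new=written || new=refused
    kept=$(cat "$box/victim")       # link target left untouched
    rm -rf "$box"
    echo "$old $new $kept"
}
```

Calling `demo` prints the victim file's content after the plain redirect, whether the exclusive write was accepted, and the victim's content after that attempt.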