Fabre

#737206 /usr/lib/plan9/bin/rc: CVE-2014-1935: insecure use of /tmp #737206

Package:: 9base

Source:: 9base

Description:: Plan 9 userland tools

Submitter:: Jakub Wilk

Date:: 2014-12-03 23:54:18 UTC

Severity:: important

#737206#3

Date:: 2014-01-31 11:03:28 UTC

From:

To:

Murray McAllister from Red Hat Security Response Team discovered that rc
creates temporary files in an insecure way:

$ strace -o '| grep /tmp' ./test-heredoc
open("/tmp/here217f.0000", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = 5
open("/tmp/here217f.0000", O_RDONLY|O_LARGEFILE) = 5
moo
unlink("/tmp/here217f.0000")            = 0


As you can see, the filenames are easily predictable, and the O_EXCL
flag is missing.

#737206 /usr/lib/plan9/bin/rc: CVE-2014-1935: insecure use of /tmp #737206

Just Reply to ...

Reply to submitter ...

Send control command (Silently)

Set Architecture Tags (Silently)