Package: mysql-dfsg
Severity: grave
Tags: security patch

There is a security hole in the mysqlaccess script, as described here:
http://www.vuxml.org/freebsd/ce109fd4-67f3-11d9-a9e7-0001020eed82.html

I've attached a patch taken from Ubuntu.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

-- 
see shy jo
diff -Nur mysql-dfsg-4.0.23/scripts/mysqlaccess.sh mysql-dfsg-4.0.23.new/scripts/mysqlaccess.sh
--- mysql-dfsg-4.0.23/scripts/mysqlaccess.sh    2005-01-18 13:45:56.363964096 +0100
+++ mysql-dfsg-4.0.23.new/scripts/mysqlaccess.sh        2005-01-18 13:46:29.920862672 +0100
@@ -3,6 +3,7 @@
 package MySQLaccess;
 #use strict;
 use POSIX qw(tmpnam);
+use File::Temp qw/ tempfile tempdir /;
 use Fcntl;
 
 BEGIN {
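Review bot: `use POSIX qw(tmpnam);` stays imported on the context line directly above the new `use File::Temp`, and the visible hunks do not show whether a tmpnam() call remains elsewhere in the script. Any leftover call would keep the predictable-name race that this patch removes from the diff step, so the script should be searched for it and the import dropped once it is unused. The new import list `qw/ tempfile tempdir /` also does not match the later hunk, which calls the object constructor; a plain `use File::Temp;` would be enough. The BEGIN block continues outside the hunk.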
@@ -32,7 +33,6 @@
        $ACCESS_U_BCK = 'user_backup';   
        $ACCESS_D_BCK = 'db_backup';     
         $DIFF      = '/usr/bin/diff'; 
-        $TMP_PATH  = '/tmp';             #path to writable tmp-directory
         $MYSQLDUMP = '@bindir@/mysqldump';
                                          #path to mysqldump executable
 
@@ -583,8 +583,6 @@
 push(@MySQLaccess::Grant::Error,'not_found_mysql')     if !(-x $MYSQL);
 push(@MySQLaccess::Grant::Error,'not_found_diff')      if !(-x $DIFF);
 push(@MySQLaccess::Grant::Error,'not_found_mysqldump') if !(-x $MYSQLDUMP);
-push(@MySQLaccess::Grant::Error,'not_found_tmp')       if !(-d $TMP_PATH);
-push(@MySQLaccess::Grant::Error,'write_err_tmp')       if !(-w $TMP_PATH);
 if (@MySQLaccess::Grant::Error) {
    MySQLaccess::Report::Print_Error_Messages() ;
    exit 0;
@@ -1783,9 +1781,10 @@
    @before = sort(@before);
    @after  = sort(@after);
 
-   $before = "$MySQLaccess::TMP_PATH/$MySQLaccess::script.before.$$";
-   $after  = "$MySQLaccess::TMP_PATH/$MySQLaccess::script.after.$$";
-   #$after = "/tmp/t0";
+   $before = new File::Temp ( Template => "$MySQLaccess::script.XXXXXX", SUFFIX => ".before" ) or
+    die "Cannot create temporary file: $!" ;
+   $after = new File::Temp ( Template => "$MySQLaccess::script.XXXXXX", SUFFIX => ".after" ) or 
+    die "Cannot create temporary file: $!" ;
    open(BEFORE,"> $before") ||
     push(@MySQLaccess::Report::Errors,"Can't open temporary file $before for writing");
    open(AFTER,"> $after") ||
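Review bot: The File::Temp objects are created safely, but the context lines that follow reopen the same path by name with the two-argument `open(BEFORE,"> $before")`, which relies on the object stringifying to its filename and ignores the handle that was already opened exclusively. Writing through the object itself, or at least using the three-argument form `open(BEFORE, '>', $before->filename)`, keeps the mode separate from the name and avoids a second lookup of the path. If I read File::Temp's documentation correctly, a template given without a directory is created relative to the current directory rather than the system temp directory, so adding `DIR => File::Spec->tmpdir` would preserve the old location; this should be confirmed against the File::Temp version shipped. The constructor reports failure by croaking, so the `or die` branches are probably never reached. The `open(AFTER, ...) ||` statement continues past the end of the hunk.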
