On Mon, Feb 13, 2006 at 10:29:40PM +0100, Marc 'HE' Brockschmidt wrote:
> severity 352723 important
> thanks
>
> Julian Gilbey <[EMAIL PROTECTED]> writes:
> > Line 1627 of /usr/bin/dpkg-sig reads:
> >
> > $DEBUG && (open (LOG, ">", "/tmp/dpkg-sig.log") || die _die("Couldn't
> > open log: $!"));
> >
> > This is assuming that this file does not exist, is not a symlink and
> > so on. This is a security hole and should be fixed by using a safe
> > filename.
>
> This is a write-only file in a quite obscure way to run the program,
> which should only be used by its developers. This is by no means a grave
> bug, severity-inflation fixed.

OK, fair enough.

> > Patch attached.
>
> As this patch changes random other stuff all over the place, I'm not
> willing to apply it. Either you provide something less invasive or wait
> for me to do this myself this or next week.

Oops, sorry. The things which are not related or shouldn't be there:

- the "my $caller = (caller)[2];" line in get_ssh_connection; that's
  cruft from my debugging

- the change of $& to $1 in line 1460:
  $remote_ssh_port =~ s/^\s*(\d+)\s*$/-p $&/;

Everything else is directly related to the change from a fixed filename
to a generated filename.

An altogether different approach would be to log the communication at
the local end rather than at the remote end.

> > Other comments while I'm here:
> >
> > (1) You don't need the & in front of sub names; they'll work quite
> > happily without it.
>
> I know that quite well, but this is a matter of personal coding style.

Indeed. The only significant difference is that if you want to use
prototype checking, you cannot use the &.

> > (2) -o for a remote ssh port number is a horrid choice: -o is normally
> > an output file; -P would be much better (matching scp, for example).
>
> -P was my first choice, but due to the limitations of the used
> Getopt::Long module (which is not able to see the difference between -p
> and -P) and the already existing "-p" short option for
> --cache-passphrase, something else needed to be chosen. As all other
> choices are equally bad, I used -o.

Getopt::Long::Configure("no_ignore_case");

   Julian
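The two technical points of the exchange above (replacing the fixed /tmp log name with a generated one, and the Getopt::Long case-folding that made -p and -P collide), as an added example that is not dpkg-sig's own code; the --remote-ssh-port long name and the option layout are assumptions made here:

```perl
#!/usr/bin/perl
# Added example, not dpkg-sig's own code. It shows (1) the debug log from
# the bug report opened with a generated name, and (2) Getopt::Long
# configured so that -p and -P are distinct options.
use strict;
use warnings;
use File::Temp qw(tempfile);
use Getopt::Long;

# Shape of the reported line: a fixed, predictable name in a world-writable
# directory, and ">" follows a symlink and truncates whatever it points to.
# Kept for comparison only; never called below.
sub open_debug_log_fixed_name {
    open(my $log, '>', '/tmp/dpkg-sig.log') or die "Couldn't open log: $!";
    return $log;
}

# Hardened form: File::Temp picks a random name and opens it with
# O_CREAT|O_EXCL, so a pre-existing file or symlink at that path makes the
# open fail instead of being followed. The path is returned so the
# developer can find the log afterwards (UNLINK => 0 keeps it on exit).
sub open_debug_log {
    my ($fh, $path) = tempfile('dpkg-sig-XXXXXXXX',
                               TMPDIR => 1, SUFFIX => '.log', UNLINK => 0);
    return ($fh, $path);
}

# Getopt::Long folds case by default, which is why -p (--cache-passphrase)
# and -P collided in the thread. no_ignore_case makes them distinct, so -P
# can carry the remote ssh port as scp does. Long name is an assumption.
Getopt::Long::Configure('no_ignore_case');
my ($debug, $cache_passphrase, $remote_ssh_port);
GetOptions(
    'debug'               => \$debug,
    'p|cache-passphrase'  => \$cache_passphrase,
    'P|remote-ssh-port=i' => \$remote_ssh_port,
) or die "Usage: $0 [--debug] [-p] [-P port]\n";

# "=i" already rejects non-digit values, so the port can be passed on
# directly; the s/^\s*(\d+)\s*$/-p .../ line in the thread did this by hand.
my $ssh_port_arg = defined $remote_ssh_port ? "-p $remote_ssh_port" : '';

if ($debug) {
    my ($log, $path) = open_debug_log();
    print {$log} "remote ssh port argument: '$ssh_port_arg'\n";
    close $log or die "Couldn't close $path: $!";
    print "debug log written to $path\n";
}
```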