Your message dated Sat, 20 Aug 2005 17:17:06 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#324193: fixed in lm-sensors 1:2.9.1-7
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
From: Aurelien Jarno <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: lm-sensors: Insecure tempfile usage in pwmconfig
X-Mailer: reportbug 3.15
Date: Sat, 20 Aug 2005 22:21:13 +0200
Message-Id: <[EMAIL PROTECTED]>

Package: lm-sensors
Version: 1:2.9.1-5
Severity: grave
Tags: security patch

lm-sensors's configuration script pwmconfig, which is used, generally as
root, to probe the fan controls and generate a new configuration file, uses
files under /tmp in an unsafe way which makes it possible to conduct symlink
attacks. The temporary filename used to create a temporary configuration file
is hardcoded to '/tmp/fancontrol'.

Thanks to Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]> who first
reported the bug to me.

--- pwmconfig.orig 2005-08-05 18:36:40.000000000 +0200 +++ pwmconfig 2005-08-05 18:37:47.000000000 +0200 
@@ -465,9 +465,11 @@ function SaveConfig { echo echo "Saving configuration to $FCCONFIG..." - egrep -v '(INTERVAL|FCTEMPS|FCFANS|MAXTEMP|MINTEMP|MINSTART|MINSTOP)' $FCCONFIG >/tmp/fancontrol - echo -e "INTERVAL=$INTERVAL\nFCTEMPS=$FCTEMPS\nFCFANS=$FCFANS\nMINTEMP=$MINTEMP\nMAXTEMP=$MAXTEMP\nMINSTART=$MINSTART\nMINSTOP=$MINSTOP" >>/tmp/fancontrol - mv /tmp/fancontrol $FCCONFIG + tmpfile=`tempfile` || { echo "$0: Cannot create temporary file" >&2; exit 1; } + trap " [ -f \"$tmpfile\" ] && /bin/rm -f -- \"$tmpfile\"" 0 1 2 3 13 15 + egrep -v '(INTERVAL|FCTEMPS|FCFANS|MAXTEMP|MINTEMP|MINSTART|MINSTOP)' $FCCONFIG >$tmpfile + echo -e "INTERVAL=$INTERVAL\nFCTEMPS=$FCTEMPS\nFCFANS=$FCFANS\nMINTEMP=$MINTEMP\nMAXTEMP=$MAXTEMP\nMINSTART=$MINSTART\nMINSTOP=$MINSTOP" >>$tmpfile + mv $tmpfile $FCCONFIG #check if file was written correctly echo 'Configuration saved' } -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12 Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF-8) Versions of packages lm-sensors depends on: ii debconf [debconf-2.0] 1.4.57 Debian configuration management sy ii libc6 2.3.5-3 GNU C Library: Shared libraries an ii libsensors3 1:2.9.1-5 library to read temperature/voltag ii makedev 2.3.1-78 creates device files in /dev ii perl 5.8.7-4 Larry Wall's Practical Extraction ii sed 4.1.4-2 The GNU sed stream editor ii sysvinit 2.86.ds1-1 System-V like init ii ucf 2.001 Update Configuration File: preserv Versions of packages lm-sensors recommends: ii kernel-image-2.6.12 [kernel 10.00.Custom Linux kernel binary image for vers ii lm-sensors-2.4.27-2-k7 [lm- 1:2.9.1-5 kernel drivers to read temperature -- debconf information excluded --------------------------------------- Received: (at 324193-close) by bugs.debian.org; 21 Aug 2005 00:23:24 +0000 >From [EMAIL PROTECTED] Sat Aug 20 17:23:24 
2005 Return-path: <[EMAIL PROTECTED]> Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian)) id 1E6dWM-0005jr-00; Sat, 20 Aug 2005 17:17:06 -0700 
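Review bot: In the added trap line of SaveConfig, the handler only removes $tmpfile and never exits, so after a trapped signal (1 2 3 13 15) the function carries on and the following ">>$tmpfile" redirect recreates that path with an ordinary open. End the signal handler with an exit and keep a cleanup-only handler on 0. Separately, $tmpfile and $FCCONFIG are unquoted in both redirects and in mv; quoting them keeps a path containing whitespace from being split. It is also worth confirming that the file ends up with the mode the old $FCCONFIG had, since mv carries the temporary file's permissions over to the configuration file.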
From: Aurelien Jarno <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#324193: fixed in lm-sensors 1:2.9.1-7
Date: Sat, 20 Aug 2005 17:17:06 -0700
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>

Source: lm-sensors
Source-Version: 1:2.9.1-7

We believe that the bug you reported is fixed in the latest version of
lm-sensors, which is due to be installed in the Debian FTP archive:

kernel-patch-2.4-lm-sensors_2.9.1-7_all.deb to pool/main/l/lm-sensors/kernel-patch-2.4-lm-sensors_2.9.1-7_all.deb
libsensors-dev_2.9.1-7_hppa.deb to pool/main/l/lm-sensors/libsensors-dev_2.9.1-7_hppa.deb
libsensors-dev_2.9.1-7_i386.deb to pool/main/l/lm-sensors/libsensors-dev_2.9.1-7_i386.deb
libsensors-dev_2.9.1-7_mips.deb to pool/main/l/lm-sensors/libsensors-dev_2.9.1-7_mips.deb
libsensors-dev_2.9.1-7_powerpc.deb to pool/main/l/lm-sensors/libsensors-dev_2.9.1-7_powerpc.deb
libsensors-dev_2.9.1-7_sparc.deb to pool/main/l/lm-sensors/libsensors-dev_2.9.1-7_sparc.deb
libsensors3_2.9.1-7_hppa.deb to pool/main/l/lm-sensors/libsensors3_2.9.1-7_hppa.deb
libsensors3_2.9.1-7_i386.deb to pool/main/l/lm-sensors/libsensors3_2.9.1-7_i386.deb
libsensors3_2.9.1-7_mips.deb to pool/main/l/lm-sensors/libsensors3_2.9.1-7_mips.deb
libsensors3_2.9.1-7_powerpc.deb to pool/main/l/lm-sensors/libsensors3_2.9.1-7_powerpc.deb
libsensors3_2.9.1-7_sparc.deb to pool/main/l/lm-sensors/libsensors3_2.9.1-7_sparc.deb
lm-sensors-2.4.27-2-386_2.9.1-7_i386.deb to pool/main/l/lm-sensors/lm-sensors-2.4.27-2-386_2.9.1-7_i386.deb
lm-sensors-2.4.27-2-586tsc_2.9.1-7_i386.deb to pool/main/l/lm-sensors/lm-sensors-2.4.27-2-586tsc_2.9.1-7_i386.deb
lm-sensors-2.4.27-2-686-smp_2.9.1-7_i386.deb to pool/main/l/lm-sensors/lm-sensors-2.4.27-2-686-smp_2.9.1-7_i386.deb
lm-sensors-2.4.27-2-686_2.9.1-7_i386.deb to pool/main/l/lm-sensors/lm-sensors-2.4.27-2-686_2.9.1-7_i386.deb
lm-sensors-2.4.27-2-k6_2.9.1-7_i386.deb to pool/main/l/lm-sensors/lm-sensors-2.4.27-2-k6_2.9.1-7_i386.deb
lm-sensors-2.4.27-2-k7-smp_2.9.1-7_i386.deb to pool/main/l/lm-sensors/lm-sensors-2.4.27-2-k7-smp_2.9.1-7_i386.deb
lm-sensors-2.4.27-2-k7_2.9.1-7_i386.deb to pool/main/l/lm-sensors/lm-sensors-2.4.27-2-k7_2.9.1-7_i386.deb
lm-sensors-source_2.9.1-7_all.deb to pool/main/l/lm-sensors/lm-sensors-source_2.9.1-7_all.deb
lm-sensors_2.9.1-7.diff.gz to pool/main/l/lm-sensors/lm-sensors_2.9.1-7.diff.gz
lm-sensors_2.9.1-7.dsc to pool/main/l/lm-sensors/lm-sensors_2.9.1-7.dsc
lm-sensors_2.9.1-7_hppa.deb to pool/main/l/lm-sensors/lm-sensors_2.9.1-7_hppa.deb
lm-sensors_2.9.1-7_i386.deb to pool/main/l/lm-sensors/lm-sensors_2.9.1-7_i386.deb
lm-sensors_2.9.1-7_mips.deb to pool/main/l/lm-sensors/lm-sensors_2.9.1-7_mips.deb
lm-sensors_2.9.1-7_powerpc.deb to pool/main/l/lm-sensors/lm-sensors_2.9.1-7_powerpc.deb
lm-sensors_2.9.1-7_sparc.deb to pool/main/l/lm-sensors/lm-sensors_2.9.1-7_sparc.deb
sensord_2.9.1-7_hppa.deb to pool/main/l/lm-sensors/sensord_2.9.1-7_hppa.deb
sensord_2.9.1-7_i386.deb to pool/main/l/lm-sensors/sensord_2.9.1-7_i386.deb
sensord_2.9.1-7_mips.deb to pool/main/l/lm-sensors/sensord_2.9.1-7_mips.deb
sensord_2.9.1-7_powerpc.deb to pool/main/l/lm-sensors/sensord_2.9.1-7_powerpc.deb
sensord_2.9.1-7_sparc.deb to pool/main/l/lm-sensors/sensord_2.9.1-7_sparc.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <[EMAIL PROTECTED]> (supplier of updated lm-sensors package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

Format: 1.7
Date: Sat, 20 Aug 2005 22:12:54 +0200
Source: lm-sensors
Binary: lm-sensors-2.4.27-2-386 lm-sensors-source lm-sensors-2.4.27-2-k7 libsensors-dev lm-sensors-2.4.27-2-k7-smp lm-sensors-2.4.27-2-586tsc lm-sensors sensord kernel-patch-2.4-lm-sensors lm-sensors-2.4.27-2-686 lm-sensors-2.4.27-2-k6 lm-sensors-2.4.27-2-686-smp libsensors3
Architecture: all hppa i386 mips powerpc source sparc
Version: 1:2.9.1-7
Distribution: unstable
Urgency: high
Maintainer: Aurelien Jarno <[EMAIL PROTECTED]>
Changed-By: Aurelien Jarno <[EMAIL PROTECTED]>
Description:
 libsensors-dev - lm-sensors development kit
 libsensors3 - library to read temperature/voltage/fan sensors
 lm-sensors - utilities to read temperature/voltage/fan sensors
 sensord - hardware sensor information logging daemon
Closes: 324193
Changes:
 lm-sensors (1:2.9.1-7) unstable; urgency=high
 .
   * Urgency set to high due to security fix.
   * Fixed an insecure tempfile usage in pwmconfig. Thanks to Javier
     Fernández-Sanguino Peña <[EMAIL PROTECTED]> for the bug report and the
     patch (closes: bug#324193).
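
The bug report above concerns rewriting a root-owned configuration file through a temporary file. The following is an added example, not code from pwmconfig or the Debian package: a shell helper that creates the temporary file next to the target, keeps the target's mode, and stops on signals. The name save_config, its KEY=VALUE arguments and the .saveconfig prefix are hypothetical; it assumes the target's directory is writable only by the invoking user.

```shell
#!/bin/sh
# Added example, not pwmconfig's code. save_config is a hypothetical helper.
# Usage: save_config TARGET KEY=VALUE...
# Assumes TARGET's directory is writable only by the invoking user and that
# keys are plain identifiers (they are used inside a regular expression).

save_config() (   # body runs in a subshell, so traps and exit stay local
    target=$1; shift
    [ $# -gt 0 ] || exit 1
    dir=$(dirname "$target")

    # Unpredictable name, created exclusively, on the target's filesystem.
    tmp=$(mktemp "$dir/.saveconfig.XXXXXX") || exit 1
    trap 'rm -f -- "$tmp"' EXIT
    trap 'exit 1' HUP INT QUIT PIPE TERM   # stop on a signal; EXIT trap cleans up

    # Build KEY1|KEY2|... from the KEY=VALUE arguments.
    pattern=
    for kv in "$@"; do
        pattern="${pattern:+$pattern|}${kv%%=*}"
    done

    if [ -f "$target" ]; then
        # Carry the old file's mode over (mktemp gives 0600), then keep
        # every line that does not assign one of the keys being replaced.
        cp -p -- "$target" "$tmp" || exit 1
        grep -Ev "^($pattern)=" -- "$target" >"$tmp" || [ $? -eq 1 ] || exit 1
    fi
    printf '%s\n' "$@" >>"$tmp" || exit 1

    # Rename within one directory: readers see the old or the new file.
    mv -f -- "$tmp" "$target"
)
```
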