tags 622794 + patch
tags 622794 + pending
thanks

Dear maintainer,

I've prepared an NMU for atop (versioned as 1.23-1.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Be advised that if no problems are found, I will be applying to the Release
Team for permission to upload the same fixes to stable and oldstable.

Regards.

-- 
Jonathan Wiltshire                                      j...@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
diff -u atop-1.23/acctproc.c atop-1.23/acctproc.c
--- atop-1.23/acctproc.c
+++ atop-1.23/acctproc.c
@@ -126,7 +126,7 @@
 #include "photoproc.h"
 #include "acctproc.h"
 
-#define	ACCTDIR		"/tmp/atop.d"
+#define	ACCTDIR		"/var/run/atop"
 #define	ACCTFILE	"atop.acct"
 #define	ACCTENV		"ATOPACCT"
 
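Review bot: Moving `ACCTDIR` to `/var/run/atop` only closes the temporary-file problem if that directory's parent is writable by root alone and the directory itself is created with restrictive permissions, and nothing visible in this patch shows who creates it or with which mode. The comment touched in the `@@ -331` hunk says an existing directory "will be cleaned and newly created"; that code lies outside both hunks, so it should be confirmed that the cleanup does not follow symlinks and that the `mkdir` result is checked. I would record the constraint next to the define, for example `/* must be below a directory only root can write to; never a world-writable location such as /tmp */`.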
@@ -331,7 +331,7 @@
 	if (semctl(semid, 1, GETVAL, 0) == SEMTOTAL)
 	{
 		/*
-		** create a new separate directory below /tmp
+		** create a new separate directory below /var/run
 		** for the accounting file;
 		** if this directory exists (e.g. previous atop-run killed)
 		** it will be cleaned and newly created
diff -u atop-1.23/debian/changelog atop-1.23/debian/changelog
--- atop-1.23/debian/changelog
+++ atop-1.23/debian/changelog
@@ -1,3 +1,10 @@
+atop (1.23-1.1) unstable; urgency=high
+
+  * Fix CVE-2011-XXXX: Insecure use of a temporary files rawlog.c and
+    acctproc.c (Closes: #622794)
+
+ -- Jonathan Wiltshire <j...@debian.org>  Mon, 01 Aug 2011 15:35:16 +0100
+
 atop (1.23-1) unstable; urgency=low
 
   * fixed typo (Closes: #467447)
diff -u atop-1.23/rawlog.c atop-1.23/rawlog.c
--- atop-1.23/rawlog.c
+++ atop-1.23/rawlog.c
@@ -477,18 +477,18 @@
 		*/
 		fprintf(stderr, "Decompressing logfile ....\n");
 
-		snprintf(tmpname2, sizeof tmpname2, "/tmp/atopwrk%d", getpid());
-		snprintf(command,  sizeof command, "gunzip -c %s > %s",
-							tmpname1, tmpname2);
-		system (command);
+		snprintf(tmpname2, sizeof tmpname2, "/tmp/atopwrkXXXXXX");
 
-		if ( (rawfd = open(tmpname2, O_RDONLY)) == -1)
+		if ( (rawfd = mkstemp(tmpname2)) == -1)
 		{
 			fprintf(stderr, "%s - ", rawname);
 			perror("open decompressed raw file");
 			cleanstop(7);
 		}
 
+		snprintf(command,  sizeof command, "gunzip -c %s > %s",
+							tmpname1, tmpname2);
+		system (command);
 		unlink(tmpname2);
 	}
 
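Review bot: The `system(command)` call that now follows `mkstemp()` still builds a shell line from `tmpname1` without quoting and ignores the exit status, so a failed gunzip leaves `rawfd` pointing at an empty file, and any shell metacharacters in `tmpname1` (its origin is outside this hunk) would be interpreted by the shell. The `> %s` redirect also reopens the temporary file by name instead of writing to the descriptor `mkstemp()` returned. Running gunzip through fork/exec with stdout duplicated onto `rawfd`, checking the wait status and seeking back to offset 0 removes both the shell and the second open. `gzpid` and `gzstat` in the sketch below would be declared in the enclosing function, which starts and ends outside the hunk.

```c
		if ( (rawfd = mkstemp(tmpname2)) == -1)
		/* … unchanged: error report and cleanstop(7) … */

		/* run gunzip without a shell, writing into the mkstemp descriptor */
		switch (gzpid = fork())
		{
		   case -1:
			perror("fork gunzip");
			unlink(tmpname2);
			cleanstop(7);

		   case 0:
			if (dup2(rawfd, 1) == -1)
				_exit(127);
			execlp("gunzip", "gunzip", "-c", tmpname1, (char *)0);
			_exit(127);
		}

		if (waitpid(gzpid, &gzstat, 0) == -1 ||
		    !WIFEXITED(gzstat) || WEXITSTATUS(gzstat) != 0)
		{
			fprintf(stderr, "%s - decompression failed\n", rawname);
			unlink(tmpname2);
			cleanstop(7);
		}

		/* the child shared the file offset, so rewind before reading */
		lseek(rawfd, 0, SEEK_SET);
		unlink(tmpname2);
```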
