On Mon, Aug 01, 2011 at 03:41:57PM +0100, Jonathan Wiltshire wrote:
> I've prepared an NMU for atop (versioned as 1.23-1.1) and
> uploaded it to DELAYED/2. Please feel free to tell me if I
> should delay it longer.

Sorry, here is the correct patch.


-- 
Jonathan Wiltshire                                      j...@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
diff --git a/acctproc.c b/acctproc.c
index 067ace8..3b71c42 100644
--- a/acctproc.c
+++ b/acctproc.c
@@ -126,7 +126,7 @@ static const char rcsid[] = "$Id: acctproc.c,v 1.26 
2008/03/06 08:37:25 gerlof E
 #include "photoproc.h"
 #include "acctproc.h"
 
-#define        ACCTDIR         "/tmp/atop.d"
+#define        ACCTDIR         "/var/run/atop"
 #define        ACCTFILE        "atop.acct"
 #define        ACCTENV         "ATOPACCT"
 
@@ -331,7 +331,7 @@ acctswon(void)
        if (semctl(semid, 1, GETVAL, 0) == SEMTOTAL)
        {
                /*
-               ** create a new separate directory below /tmp
+               ** create a new separate directory below /var/run
                ** for the accounting file;
                ** if this directory exists (e.g. previous atop-run killed)
                ** it will be cleaned and newly created
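Review bot: The updated comment in acctswon() records where the accounting directory now lives but not why, and the reason is the security-relevant part: /tmp is world-writable, so another local user can create the path before atop does. I would add a line such as `** (not below /tmp: a world-writable parent lets other users pre-create it)` so that ACCTDIR is not moved back later. The clean-and-recreate code the comment describes lies below the hunk and is not visible here. It is worth confirming that it checks the result of creating the directory and sets a restrictive mode rather than relying on the location alone.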
diff --git a/debian/changelog b/debian/changelog
index e33c0c1..b890434 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+atop (1.23-1.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Fix CVE-2011-XXXX: Insecure use of a temporary files rawlog.c and
+    acctproc.c (Closes: #622794)
+
+ -- Jonathan Wiltshire <j...@debian.org>  Mon, 01 Aug 2011 15:35:16 +0100
+
 atop (1.23-1) unstable; urgency=low
 
   * fixed typo (Closes: #467447)
diff --git a/rawlog.c b/rawlog.c
index 31f93a2..086d93c 100644
--- a/rawlog.c
+++ b/rawlog.c
@@ -477,18 +477,18 @@ rawread(unsigned int begintime, unsigned int endtime)
                */
                fprintf(stderr, "Decompressing logfile ....\n");
 
-               snprintf(tmpname2, sizeof tmpname2, "/tmp/atopwrk%d", getpid());
-               snprintf(command,  sizeof command, "gunzip -c %s > %s",
-                                                       tmpname1, tmpname2);
-               system (command);
+               snprintf(tmpname2, sizeof tmpname2, "/tmp/atopwrkXXXXXX");
 
-               if ( (rawfd = open(tmpname2, O_RDONLY)) == -1)
+               if ( (rawfd = mkstemp(tmpname2)) == -1)
                {
                        fprintf(stderr, "%s - ", rawname);
                        perror("open decompressed raw file");
                        cleanstop(7);
                }
 
+               snprintf(command,  sizeof command, "gunzip -c %s > %s",
+                                                       tmpname1, tmpname2);
+               system (command);
                unlink(tmpname2);
        }
 
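Review bot: The exit status of `system(command)` at the end of the hunk is discarded, so when gunzip fails the code after the hunk reads an empty or partial temporary file through rawfd as if it were a valid log. The same call still builds a shell line from tmpname1 unquoted; where that name comes from is not visible in this hunk, but if it can carry a user-supplied path, shell metacharacters in it would be interpreted. Because mkstemp() already returns an open descriptor, gunzip can write straight into rawfd through fork/exec, which removes the shell and the second open by name and lets the exit status be checked. rawfd then needs rewinding because the child shares its file offset. rawread() starts and ends outside the hunk.

```c
/* … unchanged: snprintf of the template, mkstemp(tmpname2) and its error branch … */

pid_t pid = fork();

if (pid == -1)
{
        perror("fork for gunzip");
        unlink(tmpname2);
        cleanstop(7);
}

if (pid == 0)
{
        /* child: decompress directly into the descriptor from mkstemp */
        if (dup2(rawfd, STDOUT_FILENO) == -1)
                _exit(127);

        execlp("gunzip", "gunzip", "-c", "--", tmpname1, (char *)NULL);
        _exit(127);
}

int status;

if (waitpid(pid, &status, 0) == -1 ||
    !WIFEXITED(status) || WEXITSTATUS(status) != 0)
{
        fprintf(stderr, "%s - decompression failed\n", rawname);
        unlink(tmpname2);
        cleanstop(7);
}

/* the child advanced the shared file offset; rewind before reading */
if (lseek(rawfd, 0, SEEK_SET) == (off_t)-1)
{
        perror("rewind decompressed raw file");
        unlink(tmpname2);
        cleanstop(7);
}

unlink(tmpname2);
```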
