NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Linux Security Auditing Project> 2001-q1

From: Jarno Huuskonen (Jarno.Huuskonenuku.fi)
Date: Sun Feb 04 2001 - 12:07:06 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

xrn-9.02 creates insecure temporary filenames. tempnam.c has a
function called utTempnam that uses getpid() for creating the unique
filename. This filename is then opened with fopen.
Fortunately utTempnam seems to use $TEMPDIR if it's set.

Also utils.c has a utTempFile function that creates a temporary
filename in the same directory as original filename(parameter)
(same problem with getpid() --> fopen).

(Also most? of the sprintf/strcpy/strcat calls don't check
for possible overflow. It might be a good idea to check for a
possibility of remote overflow.)

-Jarno

-- 
Jarno Huuskonen - System Administrator   |  Jarno.Huuskonenuku.fi
University of Kuopio - Computer Center   |  Work:   +358 17 162822
PO BOX 1627, 70211 Kuopio, Finland       |  Mobile: +358 40 5388169

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]