FS#774 : gensync uses temp directory insecurely

FS#774 - gensync uses temp directory insecurely

Attached to Project: Pacman
Opened by Oliver Burnett-Hall (olly-bh) - Saturday, 17 April 2004, 20:16 GMT
Last edited by Judd Vinet (judd) - Sunday, 18 April 2004, 18:14 GMT

Task Type	Bug Report
Category
Status	Closed
Assigned To	Judd Vinet (judd)
Architecture	not specified
Severity	Medium
Priority	Normal
Reported Version	0.7 Wombat
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

gensync always uses /tmp/.gensync/ to build the repository database.

As the directory name is entirely predictable this is not secure - e.g. one user can stop another from using gensync by creating a file /tmp/.gensync.

The attached patch fixes this by using a random name for the temp directory. It will also mean the temporary directory goes in $TMPDIR if this is different from /tmp.

- olly

~~gensync.patch~~ (1.8 KiB)

This task depends upon

Closed by Judd Vinet (judd)
Tuesday, 27 April 2004, 18:13 GMT
Reason for closing: Fixed

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#774 - gensync uses temp directory insecurely

Details

Loading...