See patch.
From 30cf6ace3e74a135dd98f8dcbcad70b6f605edb7 Mon Sep 17 00:00:00 2001
From: Pascal Stumpf <pascal.stu...@cubes.de>
Date: Tue, 23 Jul 2013 00:59:23 +0200
Subject: [PATCH] SECURITY fix for dtappintegrate: Use mktemp(1) to generate a
template.
Using a fixed filename in /tmp is just begging for a symlink attack ...
---
cde/programs/dtappintegrate/dtappintegrate.src | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cde/programs/dtappintegrate/dtappintegrate.src
b/cde/programs/dtappintegrate/dtappintegrate.src
index 6a4f8ab..3006a87 100755
--- a/cde/programs/dtappintegrate/dtappintegrate.src
+++ b/cde/programs/dtappintegrate/dtappintegrate.src
@@ -300,7 +300,7 @@ FRONTPANEL_FILES=*.fp
APPMAN_FILES="(*)"
ID=$(id)
-LOGFILE=/tmp/dtappint.log
+LOGFILE=$(mktemp /tmp/dtappint.logXXXXXXXXXXXXXXXX)
PATH=CDE_INSTALLATION_TOP/bin:/usr/bin
XCOMM -------------------------------------------------------------------
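Review bot: the added `LOGFILE=$(mktemp /tmp/dtappint.logXXXXXXXXXXXXXXXX)` line does not check whether mktemp succeeded. If it fails, LOGFILE is left empty and every later use of `$LOGFILE` operates on an empty name, so the assignment should be followed by an exit-on-failure test, for example `LOGFILE=$(mktemp /tmp/dtappint.logXXXXXXXXXXXXXXXX) || exit 1`. Two smaller points on the same lines: the assignment runs before `PATH=CDE_INSTALLATION_TOP/bin:/usr/bin`, so mktemp is looked up through the caller's PATH rather than the restricted one, and moving the LOGFILE line below the PATH line would avoid that. The log name is also no longer predictable for the administrator, so the script should print the generated path wherever it previously pointed users at /tmp/dtappint.log.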
--
1.8.3.1
_______________________________________________
cdesktopenv-devel mailing list
cdesktopenv-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cdesktopenv-devel