Package: mktemp
Version: 1.5-2
Severity: normal

mktemp can be given templates which expand to the same name at every use. It seems that it will only enter random characters into the "X" letters from the template if they are at the end, so this can easily happen by mistake. This leads to an unexpected denial of service vulnerability, triggered if a file with that name already exists.

Such a mistake in a script can (and did until recently) go unnoticed if, e.g., an erroneously appended ".tmp" suffix leads to a valid, although not randomly named temporary file. This was only noticed when such a file was lingering around from a failed run and the new instance's error message suspiciously still contained all the "X" letters from the template.

Consider this example:

    $ mktemp foo.XXXXXX
    foo.S26762
    $ mktemp foo.XXXXXX
    foo.i28529
    $ mktemp foo.XXXXXX.tmp
    foo.XXXXXX.tmp
    $ mktemp foo.XXXXXX.tmp
    mktemp: cannot create temp file foo.XXXXXX.tmp: File exists

The first two mktemp invocations result in two randomly and differently named temporary files, as expected. The third invocation creates a file with a predictable name, and the fourth fails as this file already exists.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-686
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1)

Versions of packages mktemp depends on:
ii  libc6                         2.3.6.ds1-13etch5          GNU C Library: Shared libraries

mktemp recommends no packages.

-- no debconf information
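As an added illustration, not part of the bug report above, the following POSIX sh guard lets a script reject a template whose "X" characters are not all trailing before it ever reaches mktemp, so the mistake described in the report fails loudly instead of silently producing a predictable name. The function names safe_template, trailing_x_count and checked_mktemp are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the bug report): guard a mktemp template.
# mktemp 1.5 only randomises the "X" characters at the END of the
# template, so "foo.XXXXXX.tmp" yields the fixed name foo.XXXXXX.tmp.
# A script that validates its template first avoids creating a
# predictable temp file and the later "File exists" failure.

# safe_template TEMPLATE
#   exit status 0 if TEMPLATE ends in at least six X characters,
#   1 otherwise (X's elsewhere in the name are not randomised).
safe_template() {
    case "$1" in
        *XXXXXX) return 0 ;;
        *)       return 1 ;;
    esac
}

# trailing_x_count TEMPLATE
#   prints how many X characters terminate TEMPLATE; these are the
#   only positions mktemp 1.5 will replace with random characters.
trailing_x_count() {
    t="$1"
    n=0
    while [ "${t%X}" != "$t" ]; do
        t="${t%X}"
        n=$((n + 1))
    done
    printf '%s\n' "$n"
}

# checked_mktemp TEMPLATE
#   calls mktemp only with a template that will actually be randomised;
#   exit status 2 signals a rejected template.
checked_mktemp() {
    if safe_template "$1"; then
        mktemp "$1"
    else
        printf 'refusing template %s: only %s trailing X characters\n' \
            "$1" "$(trailing_x_count "$1")" >&2
        return 2
    fi
}
```

In the report's scenario, checked_mktemp foo.XXXXXX.tmp refuses the template with "only 0 trailing X characters" rather than creating foo.XXXXXX.tmp.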

