Closed Bug 304330 Opened 17 years ago Closed 17 years ago

CVE-2005-2353 run-mozilla.sh temporary file issue

Categories

(Core Graveyard :: Cmd-line Features, defect)

Product:
Core Graveyard
Component:
Cmd-line Features
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: josh, Assigned: dveditz)

References

(
URL
)

Details

(Keywords: fixed-aviary1.0.8, fixed1.7.13, fixed1.8, Whiteboard: [sg:low local])

Attachments

(1 file)

Suggested fix for this issue
1.51 KB, patch
dveditz
: review+
dbaron
: superreview-
asa
: approval1.8b5+
Details | Diff | Splinter Review 
An Ubuntu security advisory fixed a temporary file vulnerability in the
run-mozilla.sh script when run in debug mode.

The run-mozilla.sh script passes gdb arguments from a temporary file which is
named in a manner that makes it fairly easy to guess.  The temporary file should
be created using the mktemp program to ensure proper file permissions and a
unique filename.
Whiteboard: [sg:investigate]
Different patch was originally submitted by the author of the original bug :

http://bugs.debian.org/cgi-bin/bugreport.cgi/mozilla-thunderbird-1.0.diff?bug=306893;msg=5;att=1
Nominating for a closer look based on Frederic's mail.
Flags: blocking1.8b5?
Flags: blocking1.7.13?
Flags: blocking1.7.12?
Flags: blocking-aviary1.0.8?
Flags: blocking-aviary1.0.7?
Flags: blocking1.8b5? → blocking1.8b5+
Assignee: nobody → dveditz
Attachment #192382 - Flags: review?(dveditz)
Whiteboard: [sg:investigate] → [sg:investigate][needs review dveditz]
Is the patch effective? Running out of time for 1.5b2 . ..
Attachment #192382 - Flags: superreview?(dbaron)
Attachment #192382 - Flags: review?(dveditz)
Attachment #192382 - Flags: review+
Attachment #192382 - Flags: approval1.8b5?
DBaron - need SR here.
Comment on attachment 192382 [details] [diff] [review]
Suggested fix for this issue

This patch doesn't actually work because of the spaces around the equals sign
in this line:

>+        mozargs_temp = `mktemp /tmp/mozargs.XXXXXX`

If you fix that, then it works, so sr=dbaron, conditional on removing those two
spaces.
Attachment #192382 - Flags: superreview?(dbaron) → superreview-
That said, I think the patch in comment 2 is preferable (except with the
whitespace cleaned up), both because it uses mktemp -t and because it removes
the temporary file under more conditions.
Comment on attachment 192382 [details] [diff] [review]
Suggested fix for this issue

please re-request approval when you've got a fully reviewed patch.
Attachment #192382 - Flags: approval1.8b5?
Dbaron, can you get that earlier patch in? This bug is stalled and we seem to
want it for beta2.
(In reply to comment #9)
> Dbaron, can you get that earlier patch in? This bug is stalled and we seem to
> want it for beta2.

I was actually about to check this in

fix checked into trunk
Flags: blocking1.7.13?
Flags: blocking1.7.13+
Flags: blocking1.7.12?
Flags: blocking-aviary1.0.8?
Flags: blocking-aviary1.0.8+
Flags: blocking-aviary1.0.7?
Whiteboard: [sg:investigate][needs review dveditz] → [sg:low local]
Attachment #192382 - Flags: approval1.8b5?
Note: RH7.3 doesn't have mktemp -t
Attachment #192382 - Flags: approval1.8b5? → approval1.8b5+
dropped -t and went back to mktemp /tmp/mozargs.XXXXXX

fix checked into the 1.8 branch
Status: NEW → RESOLVED
Closed: 17 years ago
Keywords: fixed1.8
Resolution: --- → FIXED
Any hope to get it landed on on 1.0.x aviary branch too ?
Keywords: fixed-aviary1.0.8, fixed1.7.13
Summary: CAN-2005-2353 run-mozilla.sh temporary file issue → CVE-2005-2353 run-mozilla.sh temporary file issue
Product: Core → Core Graveyard
QA Contact: cmd-line
You need to log in before you can comment on or make changes to this bug.