Mailinglist Archive: opensuse-bugs (15112 mails)

[Bug 327370] New: opensuse-updater-gnome /tmp problem
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Fri, 21 Sep 2007 16:12:40 -0600 (MDT)
  • Message-id: <bug-327370-21960@xxxxxxxxxxxxxxxxxxxxxxxxx/>
https://bugzilla.novell.com/show_bug.cgi?id=327370

           Summary: opensuse-updater-gnome /tmp problem
           Product: openSUSE 10.3
           Version: RC 1
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Critical
          Priority: P5 - None
         Component: libzypp
        AssignedTo: jkupec@xxxxxxxxxx
        ReportedBy: meissner@xxxxxxxxxx
         QAContact: kkaempf@xxxxxxxxxx
                CC: coolo@xxxxxxxxxx, security-team@xxxxxxx
          Found By: ---


/src/zypp/updater-zypper-gui.c

  fp = g_fopen("/tmp/spawn-zypper", "w+");
  /* g_printf("Command complete: %s\n", command_complete->str); */
  gint cc = g_fprintf(fp, "%s \n", command_complete->str);
  fclose(fp);
  /* g_print("Character Count written to file: %d\n", cc); */
  g_chmod("/tmp/spawn-zypper", 0700);

  g_shell_parse_argv ("sh /tmp/spawn-zypper", &argc, &argv, NULL);


- bad /tmp problem, anyone could smuggle in a spawn-zypper file.
- why don't you just start command_complete->str and not use a
  /tmp file?


-- 
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
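
The two points in the report, as an added example (not code from opensuse-updater or from the reporter): fopen() on a fixed name writes through whatever already sits at that name, an O_EXCL create refuses instead, and running the command line via `sh -c` needs no file at all. The helper names, the `other-file` name and the mkdtemp() demo directory are assumptions made for the illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Pattern from the report: fopen() on a fixed name follows a pre-existing symlink. */
static int write_predictable(const char *path, const char *cmd) {
    FILE *fp = fopen(path, "w+");
    if (!fp) return -1;
    fprintf(fp, "%s \n", cmd);
    return fclose(fp);
}

/* If a file is needed at all: O_EXCL refuses any pre-existing name, symlinks included. */
static int write_exclusive(const char *path, const char *cmd) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0700);
    if (fd < 0) return -1;
    ssize_t n = write(fd, cmd, strlen(cmd));
    return (close(fd) == 0 && n == (ssize_t)strlen(cmd)) ? 0 : -1;
}

/* The reporter's suggestion: hand the command line to sh directly, no file involved. */
static int run_direct(const char *cmd) {
    int status;
    pid_t pid = fork();
    if (pid == 0) { execl("/bin/sh", "sh", "-c", cmd, (char *)NULL); _exit(127); }
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Constructed demo in a private mkdtemp() dir: bit 0 = write followed the symlink, bit 1 = O_EXCL refused. */
static int demo(void) {
    char dir[] = "/tmp/tmpdemo-XXXXXX", script[64], other[64];
    int result = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(script, sizeof script, "%s/spawn-zypper", dir);
    snprintf(other, sizeof other, "%s/other-file", dir);
    if (symlink(other, script) != 0) return -1;   /* the name exists before we write */
    write_predictable(script, "echo hello");
    if (access(other, F_OK) == 0) result |= 1;    /* data landed in the link target */
    if (write_exclusive(script, "echo hello") < 0 && errno == EEXIST) result |= 2;
    unlink(script); unlink(other); rmdir(dir);
    return result;
}

int main(void) { return (demo() == 3 && run_direct("exit 3") == 3) ? 0 : 1; }
```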
