Comment 6 for bug 11320

Message-ID: <email address hidden>
Date: Mon, 20 Dec 2004 15:20:40 +0000
From: Colin Watson <email address hidden>
To: Javier =?iso-8859-1?Q?Fern=E1ndez-Sanguino_Pe=F1a?= <email address hidden>,
 <email address hidden>, <email address hidden>
Subject: Re: Bug#286371: pic2graph: Vulnerable to symlink attack through temporary file

On Sun, Dec 19, 2004 at 11:18:13PM +0100, Javier Fern�ez-Sanguino Pe�rote:
> Package: groff
> Version: 1.18.1.1-3
> Priority: important
> Tags: security
>
> The pic2graph script does not protect itself from temporary filename
> attacks since it creates file in an insecure manner (the process PID
> is not suffient to avoid and attack) and does not check
> if the temporary file it uses exists before using them.
>
> The attached patch fixes this behaviour.

Thanks. This and #286372 were both fixed upstream a while back in a
somewhat more elaborate way, so I'm taking their patch.

> PS: I initially reported this to the security team back in June,
> but have not found time to follow up on this issue until today.
> Security team, please check
> Resent-Message-ID: <email address hidden>

groff in stable didn't have either pic2graph or eqn2graph; they were new
features in 1.18. The security team (as opposed to the nascent
secure-testing team) is therefore unlikely to be interested.

Cheers,

--
Colin Watson [<email address hidden>]