mc uses predictable temp directory path

Bug #129133 reported by Dylan on 2007-07-29
258
Affects Status Importance Assigned to Milestone
mc (Ubuntu)
Low
Unassigned

Bug Description

Binary package hint: mc

The Midnight Commander VirtualFS will expand temporary files (EG: files in rar, zip, etc) to a temporary directory for operations like view, edit, copy, etc.

HOWEVER, while my TMP and TEMP are set to a subdir of my home directory, MC's virtual FS will expand things to a directory named /tmp/mc-$username -- IGNORING these settings! This causes quite a bit of trouble when things like /tmp are not writable, and when the /tmp directory has less space than required for copying the file (which is a precondition the VirutalFS does *not* test!).

Given the predictable naming and "silent failure" mode of the VirtualFS when it copies a file too large and fills /tmp, this appears to be a security bug as well since it could be used to DoS tmp.

Kees Cook (kees) wrote :

Thanks for the report! Reading the source, it seems the environment you want for the temp dir is TMPDIR rather than TMP or TEMP.

However, there does still appear to be a directory creation race condition for the temp directory, so I'll leave this bug open and change the title slightly.

Changed in mc:
importance: Undecided → Low
status: New → Confirmed
Maarten Bezemer (veger) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. We are sorry that we do not always have the capacity to look at all reported bugs in a timely manner. There have been many changes in Ubuntu since that time you reported the bug and your problem may have been fixed with some of the updates. It would help us a lot if you could test it on a currently supported Ubuntu version. When you test it and it is still an issue, kindly upload the updated logs by running apport-collect 129133 and any other logs that are relevant for this particular issue.

Changed in mc (Ubuntu):
status: Confirmed → Incomplete
Launchpad Janitor (janitor) wrote :

[Expired for mc (Ubuntu) because there has been no activity for 60 days.]

Changed in mc (Ubuntu):
status: Incomplete → Expired
Yury V. Zaytsev (zyv) wrote :

There used to be a similar bug in Debian or upstream bugzilla if I remember correctly. They should be connected together and taken care of.

Changed in mc (Ubuntu):
status: Expired → New
Changed in mc (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers