unsafe tempfile handling
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Weather Indicator | Fix Released | Low | Vadim Rutkovsky | |
indicator-weather (Ubuntu) | Fix Released | Low | Unassigned | |
Bug Description
Binary package hint: indicator-weather
indicator-weather does not create temp files securely and has a TOCTOU vulnerability (time of check, time of use). Essentially it does:
pidPath = "/tmp/weather-
if os.path.
... do stuff
else:
self.
if not self.lasterror:
fp=
fp.
fp.close()
This is unsafe as someone could perform tmp file race attacks and overwrite arbitrary files under the uid that indicator-weather runs as. Now, in maverick and later, this is actually not a problem because of kernel protections, but this issue should be fixed regardless. I suggest the use of tempfile.mkstemp() followed by an os.rename() to the pidPath, and exit with error if os.rename() fails.
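The mkstemp()-then-rename() pattern suggested in the description, as an added example that is not indicator-weather's code or its actual fix. The function name write_pidfile, the file names and the PID 4242 are hypothetical, and the demo builds a constructed scenario in a private temporary directory where the pid path already exists as a symlink.

```python
import os
import sys
import tempfile


def write_pidfile(pid_path, pid=None):
    """Create pid_path via mkstemp() + rename(); return True on success."""
    pid = os.getpid() if pid is None else pid
    # Assumption: the temp file lives beside pid_path so rename() stays on
    # one filesystem and is atomic.
    directory = os.path.dirname(pid_path) or "."
    # mkstemp() opens with O_CREAT|O_EXCL and mode 0600, so it never reuses
    # or follows a name that somebody else created first.
    fd, tmp_path = tempfile.mkstemp(prefix=".pid-", dir=directory)
    try:
        with os.fdopen(fd, "w") as fp:
            fp.write("%d\n" % pid)
        # rename() swaps the directory entry in one step. If pid_path is a
        # symlink, the link itself is replaced; its target is never opened.
        os.rename(tmp_path, pid_path)
    except OSError:
        # e.g. pid_path is owned by another user in a sticky directory
        try:
            os.unlink(tmp_path)
        except OSError:
            pass
        return False
    return True


def demo():
    """Constructed scenario: pid path pre-planted as a symlink to a file."""
    with tempfile.TemporaryDirectory() as d:
        other = os.path.join(d, "important.txt")
        with open(other, "w") as fp:
            fp.write("keep me\n")
        pid_path = os.path.join(d, "example.pid")
        os.symlink(other, pid_path)
        ok = write_pidfile(pid_path, pid=4242)
        with open(other) as fp:
            other_after = fp.read()
        with open(pid_path) as fp:
            pid_text = fp.read()
        return ok, other_after, pid_text, os.path.islink(pid_path)


if __name__ == "__main__":
    result = demo()
    if not result[0]:
        sys.exit("could not create pid file")  # exit with error, as suggested
    print(result)
```

A plain open(pidPath, "w") in the same scenario would follow the symlink and truncate the file it points to, which is the overwrite the description warns about.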
description: | updated |
security vulnerability: | no → yes |
description: | updated |
Changed in weather-indicator: | |
status: | Confirmed → Fix Committed |
Changed in weather-indicator: | |
status: | Fix Committed → Fix Released |
Changed in indicator-weather (Ubuntu): | |
status: | Confirmed → Triaged |
importance: | Undecided → Low |
Good idea, we'll use that