excalibur1234 / pacui

Bash script providing advanced Pacman and Yay/Pikaur/Aurman/Pakku/Trizen/Pacaur/Pamac-cli functionality in a simple UI
GNU General Public License v3.0

Security issue if /tmp/pacui-diff.sh already exists #2

Closed HaleTom closed 7 years ago

HaleTom commented 7 years ago

Possible security issue:

If /tmp/pacui-diff.sh already exists with 777 permissions, then it could be modified between being written to and being executed.

(ins)ravi@svelte:~/tmp$ touch temp
(ins)ravi@svelte:~/tmp$ chmod 777 temp
(ins)ravi@svelte:~/tmp$ echo foo > temp
(ins)ravi@svelte:~/tmp$ ls -l temp
-rwxrwxrwx 1 ravi ravi 4 Feb 16 19:08 temp
(ins)ravi@svelte:~/tmp$ 

Consider using mktemp to ensure you have a unique filename with the permissions only for the owner.
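
The behaviour reported above, next to the mktemp approach, as an added example that is not part of the original comment or of pacui's code. It assumes GNU coreutils (`stat -c`, `mktemp`); the function names are hypothetical and a private scratch directory stands in for /tmp.

```shell
#!/bin/sh
# Constructed demo: everything happens in a private scratch directory.
set -eu

scratch=$(mktemp -d)              # stand-in for /tmp
trap 'rm -rf "$scratch"' EXIT

# Simulate the file having been created earlier with mode 777,
# as in the terminal session above.
plant_preexisting() {
    touch "$scratch/pacui-diff.sh"
    chmod 777 "$scratch/pacui-diff.sh"
}

# Pattern from the report: write to a fixed, predictable name.
# `>` truncates an existing file but keeps its owner and mode,
# so the file stays writable by everyone until it is executed.
unsafe_write() {
    printf '%s\n' 'echo "diff helper"' > "$scratch/pacui-diff.sh"
    stat -c '%a' "$scratch/pacui-diff.sh"     # prints the mode
}

# Suggested pattern: mktemp creates a brand-new file (it fails rather
# than reuse an existing one), owner-only mode, unpredictable name.
safe_write() {
    helper=$(mktemp "$scratch/pacui-diff.XXXXXXXXXX")
    printf '%s\n' 'echo "diff helper"' > "$helper"
    printf '%s\n' "$helper"                   # prints the path
}

# Run the helper by path through the interpreter, then remove it.
run_and_remove() {
    sh "$1"
    rm -f -- "$1"
}

plant_preexisting
echo "fixed name, pre-existing file: mode $(unsafe_write)"
tmp=$(safe_write)
echo "mktemp file: $tmp mode $(stat -c '%a' "$tmp")"
run_and_remove "$tmp"
```
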

excalibur1234 commented 7 years ago

i am thinking about removing that file and replacing it with a function within pacui. but give me some time to do that.

alternatively, i will look into mktemp.

excalibur1234 commented 7 years ago

this should be fixed with the latest patches, which move the code from /tmp/pacui-diff.sh to the function "func_diff" within pacui itself. it is being called with "pacui --diff".

is this a security risk as well (calling pacui itself from within pacui)?

HaleTom commented 7 years ago

That patch LGTM.

As long as they are siloed, it should be fine, e.g. the "child" pacui will not try to read the same file being written to by the parent.

excalibur1234 commented 7 years ago

thanks for looking over it.

func_diff is simply a wrapper which adds an extra line with the names of the 2 files being compared. then, "diff" is called to display the differences between the 2 files. "pacdiff" manages all old and new files and calls func_diff if the user has to decide which file to delete and which to keep.

so, there cannot be any problem with func_diff (called by "pacui --diff") and pacui calling the same file.