ghs2015 / gource

Automatically exported from code.google.com/p/gource
0 stars 0 forks source link

predictable temporary filename #65

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
A Debian bug report [1] notes that Gource creates its log file with a
predictable name (/tmp/gource-$(UID).tmp), which a malicious user could use
to overwrite arbitrary files via a symlink attack, with the privileges of
the user running Gource.

Fedora 12 and higher contain Gource and are affected by this issue. This
has been marked as a security issue in the fedora bug report[2].

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577958
[2] https://bugzilla.redhat.com/show_bug.cgi?id=582781

Original issue reported on code.google.com by siddhesh...@gmail.com on 16 Apr 2010 at 5:31

GoogleCodeExporter commented 9 years ago
I've made a bug fix release to address this:
http://gource.googlecode.com/files/gource-0.26b.tar.gz

This is the patch applied to the debian package, if you just want that:

http://git.debian.org/?p=collab-maint/gource.git;a=patch;h=5aa2c8adfbe0ec3e5d802
bfae8e5572562d911c7

Original comment by acaudw...@gmail.com on 16 Apr 2010 at 7:49