Subject: [ecasound] Fw: Bug#86747: ecawave: insecure and broken tmp-file handling
From: Junichi Uekawa (firstname.lastname@example.org)
Date: Tue Feb 20 2001 - 17:33:11 EET
I have received this bug report regarding ecawave.
Begin forwarded message:
Date: Tue, 20 Feb 2001 15:34:58 +0100 (CET)
From: Robert Bihlmeyer <email@example.com>
Subject: Bug#86747: ecawave: insecure and broken tmp-file handling
ecawave's handling of temporary files is pretty bad:
* Doesn't heed $TMP or $TMPDIR.
* Leaves tempfiles around when exited via window-close.
* Always uses the same file (/tmp/ecawave-clipboard.wav) for swapping out
The last issue is the real bummer. If two users use ecawave and its
clipboard at the same time, one of them will of course be unable to
open the file. She will get a segfault.
Furthermore ecawave follows symlinks when opening the clipboard file.
A malicious user can set-up things so that using ecawave's clipboard
function will clobber any file the victim can write.
Escalation of privileges is improbable, though.
 Or one after another, as the files are not always deleted - see above.
-- System Information
Debian Release: testing/unstable
Kernel Version: Linux hoss 2.4.1ea-hoss #1 Mon Feb 19 11:53:50 CET 2001 i686 unknown
Versions of the packages ecawave depends on:
hi libqt2.2 2.2.4-1 Qt GUI Library (runtime version).
ii libc6 2.2.2-1 GNU C Library: Shared libraries and Timezone
ii libecasound7 1.8.5d15-9 shared libraries for ecasound
ii libkvutils2 1.8.5d15-9 kvutils library required for ecasound
ii libqtecasound1 0.1.2d1-4 ecasound qt version library
ii libstdc++2.10- 2.95.3-5 The GNU stdc++ library
libqt2.2-gl Not installed or no info
-- Netfort: firstname.lastname@example.org Debian: email@example.com dancer, a.k.a. Junichi Uekawa http://www.netfort.gr.jp/~dancer Dept. of Knowledge Engineering and Computer Science, Doshisha University. -- To unsubscribe send message 'unsubscribe' in the body of the message to <firstname.lastname@example.org>.
This archive was generated by hypermail 2b28 : Tue Feb 20 2001 - 17:51:15 EET