Re: [ecasound] Fw: Bug#86747: ecawave: insecure and broken tmp-file handling

New Message Reply Date view Thread view Subject view Author view Other groups

Subject: Re: [ecasound] Fw: Bug#86747: ecawave: insecure and broken tmp-file handling
From: Robert Bihlmeyer (
Date: Mon Feb 26 2001 - 01:00:14 EET

Kai Vehmanen <> writes:

> > * Doesn't heed $TMP or $TMPDIR.
> True, I've relied solely on 'tmpdir()'.

Replacing tmpnam(0) with tempnam(0, 0) should take care of that. But
you must use O_EXCL on the subsequent open(), or you're open to
symlink attacks. Or just use mkstemp() or tmpfile().

> > * Leaves tempfiles around when exited via window-close.
> This shouldn't happen (=bug). If this happens every time (reproducable),
> I'd like to know exactly the actions/step you do.

Simply start ecawave, "Open", enter file name, "Ok", select a range,

At this moment, /tmp/fileXXXXXX.wav, /tmp/fileYYYYYY.wav, and
/tmp/fileYYYYYY.wav.ews will exist. (The last file is sometimes

Selecting "close" will remove the Y files but not the X file. Closing
the window by means of the window-manager will leave all of the files.
I can reproduce this 100 %.

> > * Always uses the same file (/tmp/ecawave-clipboard.wav) for swapping out
> > clipboard content.
> Nope, you can change this by editing your ~/.ecawaverc (see ecawave
> user's guide).

Ok, but the default is always the same, and even if you put something
different in your rc, it is probably predictable and thus prey to a
symlink attack.

Is there some reason that the clipboard is the same across
invocations? So that you can copy between different windows? Perhaps a
random name could be used - at least subprocesses could get the name
quit easily.

> True, this is pretty bad. The whole tmpfile/clipboard issue is quite
> problematic. The basic problem is file size. Ecawave can create huge
> files (it's designed to handle gigabytes) ...

That's why I use it. Many other sound editors simply thrash the
machine to death on multi-megabyte files.

> and I'm not sure, what is the politically and technically correct
> default location to put these files?

Well, the preferred tmp dir is fine: try $TMP, $TMPDIR, /tmp in that
order - tempnam(), mkstemp(), and tmpfile() will AFAIK do that for
you. tmpnam() won't ...

The other possibility is creating a new subdirectory in the tmp dir
($TMP;$TMPDIR;/tmp; as above), that is owned by the user and mode 755
or less.

> For what it's worth, these issues have been on my todo-list for quite a
> while (replacing all uses of tmpfile() with mkstemp(),

That seems to be a bit of work, since what you're doing now is
generating the name on in one layer, and opening the file in a
completely different one. In short-term fix for the security problems
would be appreciated. I'm a bit overwhelmed by the whole eca* code
base, ATM.

Perhaps just add O_EXCL to wherever the files are really created; use
tmpname instead of tmpnam; randomize the clipboard file like all the
other tmp-files.

To unsubscribe send message 'unsubscribe' in the body of the
message to <>.

New Message Reply Date view Thread view Subject view Author view Other groups

This archive was generated by hypermail 2b28 : Mon Feb 26 2001 - 01:12:08 EET