insecure file handling in geoip package

Anatoly Pugachev mator at team.co.ru
Mon Apr 5 08:10:34 UTC 2010


Hello!

Can you please update the file /usr/local/bin/geoipupdate.sh
in the GeoIP FreeBSD package so that it handles the downloaded file in a more secure
manner, i.e. using mktemp:

#!/bin/sh
# create the temporary file with an unpredictable name (mode 0600, O_EXCL)
TMPFILE=`mktemp /tmp/geoip.XXXXXX` || exit 1
# remove it on every exit path, including errors
trap 'rm -f "$TMPFILE"' EXIT
# abort if the download fails instead of unpacking an empty file
fetch -o "$TMPFILE" http://64.246.48.99/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz || exit 1
gzip -dc "$TMPFILE" > /usr/local/share/GeoIP/GeoIP.dat

Since this shell script is usually run from cron as root, an attacker
can use a Unix symlink attack. Thanks.
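The following is an added example, not code from the original message or from the GeoIP package, showing the pattern the report asks for carried one step further: the unpacked database is written to an mktemp-created file in the destination directory (so the final mv is an atomic rename rather than a truncate-then-write), the archive is integrity-checked before the live file is touched, and every failure path removes the temporary file. The function name install_gz_database and its two arguments are assumptions; the fetch step is left out so the example runs offline on a locally built .gz file.

```shell
#!/bin/sh
# Added example (not the package's geoipupdate.sh): install a gzip-compressed
# database into place without a predictable /tmp path or a partial overwrite.
# $1 = already-downloaded .gz file, $2 = destination path (assumed interface).
install_gz_database() {
    src=$1
    dest=$2
    destdir=$(dirname "$dest")
    # Unpredictable name, created 0600 with O_EXCL, next to the destination so
    # that mv below is a rename on the same filesystem (atomic for readers).
    tmp=$(mktemp "$destdir/.geoip.XXXXXX") || return 1
    # Verify the archive first: a truncated or non-gzip download must never
    # replace a working database.
    if ! gzip -t "$src" 2>/dev/null; then
        rm -f "$tmp"
        return 2
    fi
    if ! gzip -dc "$src" > "$tmp"; then
        rm -f "$tmp"
        return 3
    fi
    chmod 0644 "$tmp"
    # Atomic replace: a concurrent reader sees either the old or the new file.
    mv -f "$tmp" "$dest"
}

# Stand-alone use: install_gz_database GeoIP.dat.gz /usr/local/share/GeoIP/GeoIP.dat
if [ "$#" -eq 2 ]; then
    install_gz_database "$1" "$2"
fi
```

With the fetch added back in front of it (fetching into its own mktemp file, as in the corrected script above), this is the whole cron job; the important property is that root never follows a path an unprivileged user could have pre-created.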
