ports/145425: insecure file handling in geoip package
anatoly pugachev
matorola at gmail.com
Tue Apr 6 09:50:03 UTC 2010
>Number: 145425
>Category: ports
>Synopsis: insecure file handling in geoip package
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Apr 06 09:50:02 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: anatoly pugachev
>Release: 7.2
>Organization:
>Environment:
FreeBSD host.domain 7.2-STABLE FreeBSD 7.2-STABLE #5: Thu Dec 10 15:57:09 MSK 2009 root at host.domain:/usr/obj/usr/src/sys/IPFGENERIC amd64
>Description:
Can you please update file /usr/local/bin/geoipupdate.sh
from GeoIP-1.4.6 freebsd package to handle downloaded file in a more secure
manner, i.e with use of mktemp ?
Since this shell script is usually put in cron with root account, attacker
can use unix-symlink attack. Thanks.
>How-To-Repeat:
>Fix:
an example of a new update script:
#!/bin/sh
TMPFILE=`mktemp /tmp/geoip.XXXXXX` || exit 1
fetch -o $TMPFILE http://64.246.48.99/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
gzip -dc $TMPFILE > /usr/local/share/GeoIP/GeoIP.dat
rm $TMPFILE
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list