[Debian-ha-maintainers] Bug#633964: pacemaker: configure creates temp files insecurely
Jakub Wilk
jwilk at debian.org
Fri Jul 15 13:08:56 UTC 2011
Source: pacemaker
Version: 1.0.11-1.2
Severity: important
Tags: security
The configure script creates temporary files in an insecure way:
| extract_header_define() {
| AC_MSG_CHECKING(for $2 in $1)
| Cfile=/tmp/extract_define.$2.${$}
| printf "#include <stdio.h>\n" > ${Cfile}.c
| printf "#include <%s>\n" $1 >> ${Cfile}.c
| printf "int main(int argc, char **argv) { printf(\"%%s\", %s); return 0; }\n" $2 >> ${Cfile}.c
| $CC $CFLAGS ${Cfile}.c -o ${Cfile}
| value=`${Cfile}`
| AC_MSG_RESULT($value)
| printf $value
| rm -f ${Cfile}.c ${Cfile}
| }
--
Jakub Wilk
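
A hardened counterpart to the quoted function, as an added example that is not part of the original report or of pacemaker's configure script: the quoted code builds its path from the shell PID under /tmp, while this version does its work inside a private directory from `mktemp -d`. It assumes mktemp(1) is available and runs as a plain sh function without the AC_MSG_* macros; the file names `probe.c` and `probe` are hypothetical.

```shell
#!/bin/sh
# Added example: same probe as the quoted extract_header_define(), but the
# source and binary are created inside a directory made by mktemp -d.
# $1 = header, $2 = macro, as in the quoted code. CC and CFLAGS come from
# the environment; probe.c / probe are hypothetical names.

extract_header_define() {
    header=$1
    macro=$2

    # mktemp -d creates a new directory (mode 0700) with an unpredictable
    # name and fails rather than reusing an existing path.
    workdir=$(mktemp -d "${TMPDIR:-/tmp}/extract_define.XXXXXXXXXX") || return 1

    # Inside the private directory the file names can be fixed: no other
    # user can create or replace entries there.
    {
        printf '#include <stdio.h>\n'
        printf '#include <%s>\n' "$header"
        printf 'int main(void) { printf("%%s", %s); return 0; }\n' "$macro"
    } > "$workdir/probe.c"

    status=0
    # CFLAGS is left unquoted on purpose so multiple flags split into words.
    if ${CC:-cc} ${CFLAGS:-} "$workdir/probe.c" -o "$workdir/probe" 2>/dev/null; then
        value=$("$workdir/probe") || status=1
    else
        status=1
    fi

    # Remove the whole directory on success and on failure.
    rm -rf "$workdir"

    [ "$status" -eq 0 ] && printf '%s' "$value"
    return "$status"
}
```

The function prints the macro's value on success and returns non-zero, printing nothing, when the probe cannot be compiled or run.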