Bug#744817: clang-3.5: scan-build: insecure use of /tmp
Sylvestre Ledru
sylvestre at debian.org
Tue Apr 15 12:30:06 UTC 2014
Hello Jakub,
Thanks for this analysis.
FYI, clang 3.3 and 3.4 are most likely impacted too.
On 15/04/2014 00:13, Jakub Wilk wrote:
> Package: clang-3.5
> Version: 1:3.5~svn201651-1
> Severity: important
> Tags: security
>
> The GetHTMLRunDir subroutine creates temporary directories in an
> insecure way:
>
> 1) The directory name is easily predictable:
>
>   if (!defined $Dir) {
>     $Dir = $ENV{'TMPDIR'} || $ENV{'TEMP'} || $ENV{'TMP'} || "/tmp";
>     $TmpMode = 1;
>   }
>   # [...]
>   my $TimeString = sprintf("%02d%02d%02d", $hour, $min, $sec);
>   my $DateString = sprintf("%d-%02d-%02d-%s-$$",
>                            $year, $month, $day, $TimeString);
>   # [...]
>   if ($TmpMode) {
>     $NewDir = "$Dir/$Prog-$DateString-$RunNumber";
>   }
For this issue, adding a random number at the end would fix the issue,
right?
> 2) The directory is created with default permissions (instead of 0700).
That will probably be easy to do.
Sylvestre
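
The two points raised in the report (predictable name, default permissions) can be handled in one step. The following is an added example, not part of the original messages and not scan-build's own code; it uses Perl's File::Temp, and the names make_run_dir and check_run_dir are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:mode);
use File::stat;
use File::Temp qw(tempdir);
use POSIX qw(strftime);

# Hypothetical stand-in for the $TmpMode branch quoted above.
sub make_run_dir {
    my ($prog, $base) = @_;
    $base //= $ENV{'TMPDIR'} || $ENV{'TEMP'} || $ENV{'TMP'} || "/tmp";
    my $date = strftime("%Y-%m-%d-%H%M%S", localtime);
    # tempdir() replaces the X's with random characters and creates the
    # directory with mkdir(..., 0700); an existing path is never reused.
    return tempdir("$prog-$date-XXXXXXXX", DIR => $base, CLEANUP => 0);
}

# True only for a real directory (not a symlink) owned by the effective
# user with no group/other permission bits.
sub check_run_dir {
    my ($dir) = @_;
    my $st = lstat($dir) or return 0;
    return 0 unless S_ISDIR($st->mode);
    return 0 unless $st->uid == $>;
    return (($st->mode & 0077) == 0) ? 1 : 0;
}

# Constructed sandbox standing in for /tmp so the demo leaves nothing behind.
my $sandbox = tempdir(CLEANUP => 1);
my $first  = make_run_dir("scan-build", $sandbox);
my $second = make_run_dir("scan-build", $sandbox);

printf "%s ok=%d\n", $_, check_run_dir($_) for ($first, $second);
print "names differ: ", ($first ne $second ? "yes" : "no"), "\n";

# A directory made with default permissions fails the same check
# (with umask 022 it ends up 0755).
umask 022;
my $loose = "$sandbox/scan-build-default-perms";
mkdir $loose or die "mkdir: $!";
printf "%s ok=%d\n", $loose, check_run_dir($loose);
```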