[ecasound] Fw: Bug#86747: ecawave: insecure and broken tmp-file handling

New Message	Reply	Date view	Thread view	Subject view	Author view	Other groups

Subject: [ecasound] Fw: Bug#86747: ecawave: insecure and broken tmp-file handling
From: Junichi Uekawa (dancer@netfort.gr.jp)
Date: Tue Feb 20 2001 - 17:33:11 EET

Next message: Kai Vehmanen: "[ecasound] ecasound and ALSA (Re: 0.9.0beta1 is out)"
Previous message: ben@slumber.dhs.org: "[ecasound] ecawave fadein/fadeout bug"
Next in thread: Kai Vehmanen: "Re: [ecasound] Fw: Bug#86747: ecawave: insecure and broken tmp-file handling"
Reply: Kai Vehmanen: "Re: [ecasound] Fw: Bug#86747: ecawave: insecure and broken tmp-file handling"

I have received this bug report regarding ecawave.

Begin forwarded message:

Date: Tue, 20 Feb 2001 15:34:58 +0100 (CET)
From: Robert Bihlmeyer <robbe@orcus.priv.at>
To: submit@bugs.debian.org
Subject: Bug#86747: ecawave: insecure and broken tmp-file handling

Package: ecawave
Version: 0.3.3d3-3
Severity: grave

ecawave's handling of temporary files is pretty bad:

* Doesn't heed $TMP or $TMPDIR.
* Leaves tempfiles around when exited via window-close.
* Always uses the same file (/tmp/ecawave-clipboard.wav) for swapping out
clipboard content.

The last issue is the real bummer. If two users use ecawave and its
clipboard at the same time[1], one of them will of course be unable to
open the file. She will get a segfault.

Furthermore ecawave follows symlinks when opening the clipboard file.
A malicious user can set-up things so that using ecawave's clipboard
function will clobber any file the victim can write.

Escalation of privileges is improbable, though.

Footnotes:
[1] Or one after another, as the files are not always deleted - see above.

-- System Information
Debian Release: testing/unstable
Kernel Version: Linux hoss 2.4.1ea-hoss #1 Mon Feb 19 11:53:50 CET 2001 i686 unknown

Versions of the packages ecawave depends on:
hi libqt2.2 2.2.4-1 Qt GUI Library (runtime version).
ii libc6 2.2.2-1 GNU C Library: Shared libraries and Timezone
ii libecasound7 1.8.5d15-9 shared libraries for ecasound
ii libkvutils2 1.8.5d15-9 kvutils library required for ecasound
ii libqtecasound1 0.1.2d1-4 ecasound qt version library
ii libstdc++2.10- 2.95.3-5 The GNU stdc++ library
libqt2.2-gl Not installed or no info

--
Netfort: dancer@netfort.gr.jp           Debian: dancer@debian.org 
dancer, a.k.a. Junichi Uekawa   http://www.netfort.gr.jp/~dancer
 Dept. of Knowledge Engineering and Computer Science, Doshisha University.
--
To unsubscribe send message 'unsubscribe' in the body of the
message to <ecasound-list-request@wakkanet.fi>.

Next message: Kai Vehmanen: "[ecasound] ecasound and ALSA (Re: 0.9.0beta1 is out)"
Previous message: ben@slumber.dhs.org: "[ecasound] ecawave fadein/fadeout bug"
Next in thread: Kai Vehmanen: "Re: [ecasound] Fw: Bug#86747: ecawave: insecure and broken tmp-file handling"
Reply: Kai Vehmanen: "Re: [ecasound] Fw: Bug#86747: ecawave: insecure and broken tmp-file handling"

New Message	Reply	Date view	Thread view	Subject view	Author view	Other groups

This archive was generated by hypermail 2b28 : Tue Feb 20 2001 - 17:51:15 EET