unsafe tempfile usage

not sure I understand?

All of these only occur in the tmp directory so dont understand what you mean by destroying the file st in the current home user's directory?

Can you explain the problem better and let me know what the preferred solution is

thanks

As far as I can tell, the filters are spawned directly from tracker, so they share the current working directory. When I looked at the tracker running in my session, its directory was my home directory. The code from one of the filters reads:

 st=/tmp/tempfile.$$
 nice -n19 ssindex -i "$1" > st

Using "st" there instead of "$st" means that the file "st" will be overwritten in the current directory, which, I think in this case is the user's home directory. So, in this case, only msword_filter is actually vulnerable to tempfile races (the others just clobber "st").

I don't have a proof-of-concept for this, I was just doing some code reading.

2007/11/20, Kees Cook <email address hidden>:
> As far as I can tell, the filters are spawned directly from tracker, so
> they share the current working directory. When I looked at the tracker
> running in my session, its directory was my home directory. The code
> from one of the filters reads:
>
> st=/tmp/tempfile.$$
> nice -n19 ssindex -i "$1" > st
>
> Using "st" there instead of "$st" means that the file "st" will be
> overwritten in the current directory, which, I think in this case is the
> user's home directory. So, in this case, only msword_filter is actually
> vulnerable to tempfile races (the others just clobber "st").
>
> I don't have a proof-of-concept for this, I was just doing some code
> reading.

Using "st" instead of "$st" is obviously a typo.
Nonetheless, the usage of /tmp/tempfile.$$ is generaly discouraged
from a security pov.
http://www.linuxsecurity.com/content/view/115462/151/
recommends to use "mktemp" for creating secure temp files.

Cheers,
Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

Michael has fixed this in trunk.

tracker (0.6.4-1ubuntu1) hardy; urgency=low

  * Merge with Debian, remaining Ubuntu changes:
    - debian/control:
      + Addhere to DebianMaintainerField spec.
      + Do not build-depend on universe dependencies:
        libunac1-dev, libqdbm-dev.
      + tracker depends on o3read instead of recommend it, so we have
        OOo indexing by default.
    - debian/rules:
      + Enable sqlite external db instead of qdbm.
    - debian/patches/02_no_kde_autostart.patch:
      + Do not autostart trackerd in Kde, as they have strigi.
    - debian/patches/03_no_initial_index_in_battery.patch:
      + Do not run the initial index if running on battery.
        Patch taken from upstream SVN, revision 1075:
        http://svn.gnome.org/viewvc/tracker?view=revision&revision=1075
    - debian/patches/04_fix_crash_index_name_is_null.patch:
      + Fix a crash when index name is null during merging.
        Patch taken from upstream SVN, revision 1076:
        http://svn.gnome.org/viewvc/tracker?view=revision&revision=1076
    - debian/patches/05_typo_audio_track_peak_gain_tag.patch:
      + Fix a typo in a tag metadata. LP: #145359
        Patch taken from upstream SVN, revision 1077:
        http://svn.gnome.org/viewvc/tracker?view=revision&revision=1077
    - debian/patches/06_trackerd_infinite_loop.patch:
      + Fix an infinite loop in trackerd if a second instance is
        launched. Patch taken from upstream SVN, revision 1079:
        http://svn.gnome.org/viewvc/tracker?view=revision&revision=1079

  * Bugs fixed in the new release:
    - LP: #130935. Added a notification area tool displaying trackerd's
      status, and allowing to search from there.
    - LP: #138331: prevent hangs which stopped tracker quitting smoothly.
    - LP: #147756: Fixed memory leaks.
    - LP: #159807: Stop indexing if disk is full.
    - LP: #164148: Unsafe tempfile usage.
    - LP: #148520: Check for overlapping watch dirs
    - LP: #132463: Always show full path of files in tracker-search-tool.
    - LP: #133402: Do not repeat 'Preferences' in the preferences title.
    - LP: #164412: Limit log size to 10MB.
    - LP: #150814: Detect and prevent database corruption.
    - LP: #160262: Fix evolution email opening for the deskbar handlers.
    - LP: #150030: Show applications in search results.

 -- Emilio Pozuelo Monfort <email address hidden> Fri, 14 Dec 2007 01:16:26 +0100