diff options
author | David Kalnischkies <david@kalnischkies.de> | 2015-09-07 19:32:31 +0200 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2015-09-14 15:22:18 +0200 |
commit | 92b2e38dd1334d7f7a30358124c4fad766ca4666 (patch) | |
tree | 24f6020cf5a91a72ea4665e488388f23bac595ab /cmdline | |
parent | e977b8b9234ac5db32f2f0ad7e183139b988340d (diff) | |
download | apt-92b2e38dd1334d7f7a30358124c4fad766ca4666.tar.gz |
fix insecure use of /tmp in EDSP solver 'dump'
As said in the bugreport, this is hardly a serious problem on a security
front, but it was always on the list to have the filename configurable
somehow and the stable filename is a problem for parallel executions.
Using an environment variable (APT_EDSP_DUMP_FILENAME) for this is more
or less the best we can do here as solvers do not get told about our
configuration and such.
Closes: 795600
Diffstat (limited to 'cmdline')
-rw-r--r-- | cmdline/apt-dump-solver.cc | 41 |
1 files changed, 29 insertions, 12 deletions
diff --git a/cmdline/apt-dump-solver.cc b/cmdline/apt-dump-solver.cc index 4729eac55..2e352931f 100644 --- a/cmdline/apt-dump-solver.cc +++ b/cmdline/apt-dump-solver.cc @@ -13,6 +13,7 @@ #include <unistd.h> #include <cstdio> #include <iostream> +#include <sstream> #include <config.h> /*}}}*/ @@ -23,10 +24,11 @@ static bool ShowHelp() { ioprintf(std::cout, "%s %s (%s)\n", PACKAGE, PACKAGE_VERSION, COMMON_ARCH); std::cout << - "Usage: apt-dump-resolver\n" + "Usage: apt-dump-solver\n" "\n" - "apt-dump-resolver is a dummy solver who just dumps its input to the\n" - "file /tmp/dump.edsp and exists with a proper EDSP error.\n" + "apt-dump-solver is a dummy solver who just dumps its input to the\n" + "file specified in the environment variable APT_EDSP_DUMP_FILENAME and\n" + "exists with a proper EDSP error.\n" "\n" " This dump has lost Super Cow Powers.\n"; return true; @@ -39,16 +41,31 @@ int main(int argc,const char *argv[]) /*{{{*/ ShowHelp(); return 0; } - // we really don't need anything - DropPrivileges(); - FILE* input = fdopen(STDIN_FILENO, "r"); - FILE* output = fopen("/tmp/dump.edsp", "w"); - char buffer[400]; - while (fgets(buffer, sizeof(buffer), input) != NULL) - fputs(buffer, output); - fclose(output); - fclose(input); + // we really don't need anything + DropPrivileges(); + char const * const filename = getenv("APT_EDSP_DUMP_FILENAME"); + if (filename == NULL || strlen(filename) == 0) + { + EDSP::WriteError("ERR_NO_FILENAME", "You have to set the environment variable APT_EDSP_DUMP_FILENAME\n" + "to a valid filename to store the dump of EDSP solver input in.\n" + "For example with: export APT_EDSP_DUMP_FILENAME=/tmp/dump.edsp", stdout); + return 0; + } + + unlink(filename); + FileFd input, output; + if (input.OpenDescriptor(STDIN_FILENO, FileFd::ReadOnly) == false || + output.Open(filename, FileFd::WriteOnly | FileFd::Create | FileFd::Exclusive, 0600) == false || + CopyFile(input, output) == false || input.Close() == false || output.Close() == false) + { + std::ostringstream out; + out << "Writing EDSP solver input to file '" << filename << "' failed!\n"; + _error->DumpErrors(out); + EDSP::WriteError("ERR_WRITE_ERROR", out.str(), stdout); + return 0; + } EDSP::WriteError("ERR_JUST_DUMPING", "I am too dumb, i can just dump!\nPlease use one of my friends instead!", stdout); + return 0; } |