bug-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

temp file patch for cvs


From: Olaf Kirch
Subject: temp file patch for cvs
Date: Fri, 5 Jan 2001 11:41:05 +0100

Hi,

The people at Immunix recently scanned all of RedHat 7.0 for
temp file problems and found some in CVS (among many others).

I'm currently testing a patch for this problem; the current
patch is attached.

What the patch does is

 -      define CVS_SAFE_FOPEN and safe_fopen to create
        temp files safely (i.e. using O_EXCL). This is still
        subject to denial of service, but at least it's safe :)
 -      Checked all calls to cvs_temp_name(), and made sure
        that the resulting file is opened using safe_fopen()
        In most cases this was straightforward, but on several
        occasions RCS_checkout is called, and I went through
        RCS_checkout to make sure the file is created safely
        (this part of the patch may need special attention
        to make sure it's okay)

Cheers
Olaf
-- 
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir@caldera.de    +-------------------- Why Not?! -----------------------
         UNIX, n.: Spanish manufacturer of fire extinguishers.            

Attachment: cvs-1.11-security.patch
Description: Source code patch


reply via email to

[Prev in Thread] Current Thread [Next in Thread]