temp file patch for cvs
From: Olaf Kirch
Subject: temp file patch for cvs
Date: Fri, 5 Jan 2001 11:41:05 +0100

Hi,

The people at Immunix recently scanned all of RedHat 7.0 for
temp file problems and found some in CVS (among many others).

I'm currently testing a patch for this problem; the current
patch is attached.

What the patch does is:

 - define CVS_SAFE_FOPEN and safe_fopen to create
   temp files safely (i.e. using O_EXCL). This is still
   subject to denial of service, but at least it's safe :)

 - Checked all calls to cvs_temp_name(), and made sure
   that the resulting file is opened using safe_fopen().

   In most cases this was straightforward, but on several
   occasions RCS_checkout is called, and I went through
   RCS_checkout to make sure the file is created safely
   (this part of the patch may need special attention
   to make sure it's okay)

Cheers
Olaf
--
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir@caldera.de +-------------------- Why Not?! -----------------------
UNIX, n.: Spanish manufacturer of fire extinguishers.
cvs-1.11-security.patch
Description: Source code patch
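
The O_EXCL approach described in the message, as an added example that is not part of the original post or the attached patch: `excl_fopen`, the file names and the planted-symlink scenario are hypothetical and constructed. It shows an exclusive create refusing a name that already exists (the failure is the denial-of-service case the message mentions) and succeeding once the name is free.

```c
#define _POSIX_C_SOURCE 200809L   /* fdopen, mkdtemp, symlink */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not the patch's safe_fopen): create `path` only if
 * nothing exists there. With O_CREAT|O_EXCL, open() fails with EEXIST for
 * an existing file and for a symlink, which is not followed. */
FILE *excl_fopen(const char *path, const char *mode)
{
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return NULL;          /* errno is EEXIST if the name is taken */
    FILE *fp = fdopen(fd, mode);
    if (fp == NULL) {                 /* do not leave a stray file behind */
        close(fd);
        unlink(path);
    }
    return fp;
}

/* Constructed scenario: a symlink already sits at the temp name and points
 * at a file that must not be created. Returns 1 when the open is refused,
 * the target stays absent, and a retry on the freed name succeeds. */
int planted_symlink_is_refused(void)
{
    char dir[] = "/tmp/excl-demo-XXXXXX", name[64], target[64];
    struct stat st;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(name, sizeof name, "%s/cvsTMP", dir);
    snprintf(target, sizeof target, "%s/victim", dir);
    if (symlink(target, name) != 0) return -1;
    FILE *fp = excl_fopen(name, "w");
    int refused = (fp == NULL && errno == EEXIST);
    int untouched = (stat(target, &st) != 0);   /* target was never created */
    if (fp) fclose(fp);
    unlink(name);                               /* free the planted name */
    fp = excl_fopen(name, "w");
    int created = (fp != NULL);
    if (fp) fclose(fp);
    unlink(name); unlink(target); rmdir(dir);
    return refused && untouched && created;
}

int main(void)
{
    return planted_symlink_is_refused() == 1 ? 0 : 1;
}
```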