[packagekit] pkgenpack and make security-check
Richard Hughes
hughsient at gmail.com
Thu Sep 11 05:26:52 PDT 2008
Hey dude,
I've run "make security-check" on PackageKit, and the new pkgenpack code
comes up with three new entries.
./client/pk-generate-pack-main.c:122: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns
untrustable input if the environment can beset by an attacker. It can have any
content and length, and the same variable can be set more than once.
Check environment variables carefully before using them.
./client/pk-generate-pack.c:357: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns
untrustable input if the environment can beset by an attacker. It can have any
content and length, and the same variable can be set more than once.
Check environment variables carefully before using them.
./client/pk-generate-pack.c:314: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move
things around to create a race condition, control its ancestors, or change
its contents?.
Do you want me to show you how you can security audit files like these
and either fix the code or make the warnings go away?
Richard.
More information about the PackageKit
mailing list