[packagekit] pkgenpack and make security-check

Richard Hughes hughsient at gmail.com
Thu Sep 11 05:26:52 PDT 2008


Hey dude,

I've run "make security-check" on PackageKit, and the new pkgenpack code
comes up with three new entries.

./client/pk-generate-pack-main.c:122:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns
  untrustable input if the environment can beset by an attacker.  It can have any
  content and length, and the same variable can be set more than once.
  Check environment variables carefully before using them. 
./client/pk-generate-pack.c:357:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns
  untrustable input if the environment can beset by an attacker.  It can have any
  content and length, and the same variable can be set more than once.
  Check environment variables carefully before using them. 
./client/pk-generate-pack.c:314:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents?. 

Do you want me to show you how you can security audit files like these
and either fix the code or make the warnings go away?

Richard.




More information about the PackageKit mailing list