
freebsd-bugbusters Digest, Vol 220, Issue 1


freebsd-bugbu...@freebsd.org

Apr 5, 2010, 8:00:23 AM4/5/10
to freebsd-b...@freebsd.org
Send freebsd-bugbusters mailing list submissions to
freebsd-b...@freebsd.org

To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freebsd.org/mailman/listinfo/freebsd-bugbusters
or, via email, send a message with subject or body 'help' to
freebsd-bugbu...@freebsd.org

You can reach the person managing the list at
freebsd-bugb...@freebsd.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of freebsd-bugbusters digest..."


Today's Topics:

1. insecure file handling in geoip package (Anatoly Pugachev)


----------------------------------------------------------------------

Message: 1
Date: Mon, 5 Apr 2010 11:54:37 +0400
From: Anatoly Pugachev <ma...@team.co.ru>
Subject: insecure file handling in geoip package
To: bugbu...@FreeBSD.org
Cc: mato...@gmail.com
Message-ID: <2010040507...@puga.deis.gldn.net>
Content-Type: text/plain; charset=us-ascii


Hello!

Can you please update the file /usr/local/bin/geoipupdate.sh
in the GeoIP FreeBSD package to handle the downloaded file in a more secure
manner, i.e. using mktemp:

#!/bin/sh
# Create the temporary file atomically (O_CREAT|O_EXCL) under an unpredictable name.
TMPFILE=`mktemp /tmp/geoip.XXXXXX` || exit 1
# Abort, and leave the installed database untouched, if the download fails.
fetch -o "$TMPFILE" http://64.246.48.99/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz || { rm -f "$TMPFILE"; exit 1; }
gzip -dc "$TMPFILE" > /usr/local/share/GeoIP/GeoIP.dat
rm -f "$TMPFILE"

Since this shell script is usually run from cron under the root account, an attacker
can use a Unix symlink attack. Thanks.
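
The attack the report alludes to, worked through as an added example (this is not code from the report or from the GeoIP package): a root cron job writes its download to a fixed name under /tmp, an unprivileged user has already planted a symlink at that name, and the write follows the link. The mktemp pattern beside it creates the file with O_CREAT|O_EXCL under a name nobody can guess, and additionally renames the decompressed database into place so a failed fetch or gunzip cannot leave a truncated GeoIP.dat. Everything runs in a throwaway directory that stands in for /tmp and for a root-owned target file; the network fetch is replaced by copying a locally built .gz so it runs offline, and the victim file, its contents and the payload are all constructed for the demo.

```shell
#!/bin/sh
# Added demonstration, not code from the original report: a symlink attack on
# a predictable temp-file name, beside the mktemp-based pattern. It runs in a
# throwaway directory (a stand-in for /tmp and for a root-owned file), and the
# download is simulated by copying a locally built .gz, so it works offline.
# The victim file, its contents and the payload are all constructed here.

# Build a fresh scratch area and print its path.
setup_scratch() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/symlinkdemo.XXXXXX") || return 1
    mkdir "$d/tmp"                                          # stands in for /tmp
    printf 'root:x:0:0:root:/root:/bin/sh\n' > "$d/victim"  # root-owned file (constructed)
    printf 'payload\n' | gzip -c > "$d/download.gz"         # what "fetch" would retrieve
    printf '%s\n' "$d"
}

# The unprivileged attacker plants a symlink at the name the cron job will use.
plant_symlink() {
    ln -s "$1/victim" "$1/tmp/GeoIP.dat.gz"
}

# Vulnerable pattern: fixed name under /tmp. The redirect (like fetch -o)
# opens the path with O_TRUNC, follows the planted link, and root overwrites
# the victim with the download.
vulnerable_update() {
    cat "$1/download.gz" > "$1/tmp/GeoIP.dat.gz"
    gzip -dc < "$1/tmp/GeoIP.dat.gz" > "$1/GeoIP.dat"
    rm -f "$1/tmp/GeoIP.dat.gz"
}

# Hardened pattern: mktemp creates the file with O_CREAT|O_EXCL under a name
# the attacker cannot guess, so a planted link is never opened. The database is
# decompressed into a second temp file and renamed into place, so a failed
# download or gunzip can never leave a truncated GeoIP.dat behind.
hardened_update() {
    f=$(mktemp "$1/tmp/geoip.XXXXXX") || return 1
    out=$(mktemp "$1/tmp/geoip.XXXXXX") || { rm -f "$f"; return 1; }
    if cat "$1/download.gz" > "$f" && gzip -dc < "$f" > "$out"; then
        mv "$out" "$1/GeoIP.dat"; rm -f "$f"
    else
        rm -f "$f" "$out"; return 1
    fi
}

# Run one update pattern against a fresh scratch area with the symlink already
# planted. Prints "<intact|clobbered> <database contents>".
run_demo() {
    d=$(setup_scratch) || return 1
    plant_symlink "$d"
    "$1" "$d"
    if grep -q '^root:x:0:0:' "$d/victim"; then v=intact; else v=clobbered; fi
    printf '%s %s\n' "$v" "$(cat "$d/GeoIP.dat")"
    rm -rf "$d"
}

echo "fixed /tmp name: $(run_demo vulnerable_update)"
echo "mktemp:          $(run_demo hardened_update)"
```

Both patterns produce the same GeoIP.dat; only the fixed-name one also rewrites the victim, because /tmp is world-writable (sticky bit or not, anyone can create a new name there) while /usr/local/share/GeoIP is not, which is why the final redirect into the installed database path is not the exposure. On FreeBSD the `cat` stand-in would simply be `fetch -o "$f" <url>`.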

------------------------------

End of freebsd-bugbusters Digest, Vol 220, Issue 1
**************************************************
