[Bug 374771] Review Request: smstools - Tools for send and receive short messages through GSM modems or mobile phones

bugzilla at redhat.com bugzilla at redhat.com
Mon Nov 12 20:32:57 UTC 2007



Summary: Review Request: smstools - Tools for send and receive short messages through GSM modems or mobile phones


https://bugzilla.redhat.com/show_bug.cgi?id=374771





------- Additional Comments From lkundrak at redhat.com  2007-11-12 15:32 EST -------
smstools3/src/stats.c does:

    #ifndef NOSTATS
      MM_create(DEVICES*sizeof(_stats),tempnam(0,0));
    #endif

and libmm does:

    #if defined(MM_SHMT_MMPOSX) || defined(MM_SHMT_MMFILE)
        sprintf(shmfilename, "%s.mem", file);
        fnmem = shmfilename;
    #endif

        shm_unlink(fnmem); /* Ok when it fails */
        if ((fdmem = shm_open(fnmem, O_RDWR|O_CREAT|O_EXCL, MM_CORE_FILEMODE)) == -1)
            FAIL(MM_ERR_CORE|MM_ERR_SYSTEM, "failed to open tempfile");

This leaves the possibility that some user guesses the temporary file name
(generated by adding a ".mem" suffix to the result of the tempnam() call) and
causes smsd to fail. As this can be considered a low-severity security flaw, it
needs to be addressed.

It would be hard to fix, probably by using a private temporary directory, since
the problem lies partly in the mm library (which mangles the file name by
adding the .mem suffix).

I think the best solution would be to disable stats support (which upstream
even disables by default, and which would permit dropping the mm dependency).
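The private-temporary-directory approach mentioned in the comment, as an added example that is neither smstools nor libmm code: mkdtemp() creates an unpredictable 0700 directory and the backing file is created inside it with O_CREAT|O_EXCL, so another local user cannot pre-create the ".mem" path and make the exclusive open fail. The TMPDIR fallback, the "smsd-stats." prefix and the "stats.mem" file name are assumptions for the example; it covers the file-backed (MM_SHMT_MMFILE) case, since POSIX shm_open names live in a single flat namespace where a private directory does not apply.

```c
#define _GNU_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

char *mkdtemp(char *tmpl); /* explicit prototype in case of a strict-ANSI build */

/* Create $TMPDIR/smsd-stats.XXXXXX/ (mode 0700, suffix picked by mkdtemp) and
 * stats.mem inside it with O_CREAT|O_EXCL. The directory is private and
 * unpredictable, so nobody else can pre-create the ".mem" file. Returns the fd
 * and stores the full path in pathbuf, or returns -1 with errno set. */
int create_private_mem_file(char *pathbuf, size_t pathlen)
{
    const char *tmpdir = getenv("TMPDIR");   /* assumed location policy */
    char dir[PATH_MAX];
    int n, fd, saved;
    if (tmpdir == NULL || *tmpdir == '\0')
        tmpdir = "/tmp";
    n = snprintf(dir, sizeof dir, "%s/smsd-stats.XXXXXX", tmpdir);
    if (n < 0 || (size_t)n >= sizeof dir || mkdtemp(dir) == NULL)
        return -1;
    n = snprintf(pathbuf, pathlen, "%s/stats.mem", dir);
    if (n < 0 || (size_t)n >= pathlen) { rmdir(dir); errno = ENAMETOOLONG; return -1; }
    fd = open(pathbuf, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
    if (fd == -1) { saved = errno; rmdir(dir); errno = saved; }
    return fd;
}

/* End-to-end check: create the file, verify the directory is 0700, confirm a
 * second O_CREAT|O_EXCL open of the same path is refused with EEXIST (the
 * failure the report describes), clean up. Returns 0, or the failing step. */
int self_check(void)
{
    char path[PATH_MAX], dir[PATH_MAX];
    struct stat st;
    int fd = create_private_mem_file(path, sizeof path);
    if (fd == -1) return 1;
    close(fd);
    snprintf(dir, sizeof dir, "%s", path);
    *strrchr(dir, '/') = '\0';                       /* parent directory */
    if (stat(dir, &st) != 0 || (st.st_mode & 0777) != S_IRWXU) return 2;
    if (open(path, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR) != -1 || errno != EEXIST) return 3;
    unlink(path);
    return rmdir(dir) == 0 ? 0 : 4;
}
```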
