Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/app-editors/emacs/files/emacs-22.1-vcdiff-tmp-race.patch
diff options
context:
space:
mode:
Diffstat (limited to 'app-editors/emacs/files/emacs-22.1-vcdiff-tmp-race.patch')
-rw-r--r--app-editors/emacs/files/emacs-22.1-vcdiff-tmp-race.patch25
1 files changed, 25 insertions, 0 deletions
diff --git a/app-editors/emacs/files/emacs-22.1-vcdiff-tmp-race.patch b/app-editors/emacs/files/emacs-22.1-vcdiff-tmp-race.patch
new file mode 100644
index 000000000000..7f59d6afeeac
--- /dev/null
+++ b/app-editors/emacs/files/emacs-22.1-vcdiff-tmp-race.patch
@@ -0,0 +1,25 @@
+Steve Grubb of Red Hat discovered that vcdiff script as shipped with Emacs
+(confirmed in versions 20.7 to 22.1.50) uses temporary files insecurely,
+which makes it possible for local attacker to conduct a symlink attack and
+make the victim overwrite arbitrary file.
+
+diff -ur emacs-21.4.orig/lib-src/vcdiff emacs-21.4/lib-src/vcdiff
+--- emacs-21.4.orig/lib-src/vcdiff 2006-09-28 12:07:51.000000000 -0400
++++ emacs-21.4/lib-src/vcdiff 2006-09-28 15:58:53.000000000 -0400
+@@ -86,14 +86,14 @@
+ case $f in
+ s.* | */s.*)
+ if
+- rev1=/tmp/geta$$
++ rev1=`mktemp /tmp/geta.XXXXXXXX`
+ get -s -p -k $sid1 "$f" > $rev1 &&
+ case $sid2 in
+ '')
+ workfile=`expr " /$f" : '.*/s.\(.*\)'`
+ ;;
+ *)
+- rev2=/tmp/getb$$
++ rev2=`mktemp /tmp/getb.XXXXXXXX`
+ get -s -p -k $sid2 "$f" > $rev2
+ workfile=$rev2
+ esac