Summary: Review Request: smstools - Tools for sending and receiving short messages through GSM modems or mobile phones
https://bugzilla.redhat.com/show_bug.cgi?id=374771

------- Additional Comments From lkundrak@xxxxxxxxxx 2007-11-12 15:32 EST -------

smstools3/src/stats.c does:

    #ifndef NOSTATS
    MM_create(DEVICES*sizeof(_stats),tempnam(0,0));
    #endif

and libmm does:

    #if defined(MM_SHMT_MMPOSX) || defined(MM_SHMT_MMFILE)
    sprintf(shmfilename, "%s.mem", file);
    fnmem = shmfilename;
    #endif
    ...
    shm_unlink(fnmem); /* Ok when it fails */
    if ((fdmem = shm_open(fnmem, O_RDWR|O_CREAT|O_EXCL, MM_CORE_FILEMODE)) == -1)
        FAIL(MM_ERR_CORE|MM_ERR_SYSTEM, "failed to open tempfile");

This leaves the possibility that some user guesses the temporary file name generated by adding the ".mem" suffix to the result of the tempnam() call and causes smsd to fail. As this can be considered a low severity security flaw, it needs to be addressed.

It would be hard to fix, since the problem lies partly in the mm library (which mangles the file name by adding the .mem suffix), probably by using a private temporary directory. I think the best solution would be to disable stats support (which is even disabled by upstream by default and would permit dropping the mm dependency).

_______________________________________________
Fedora-package-review mailing list
Fedora-package-review@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-package-review
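The "private temporary directory" approach mentioned in the comment above, as an added example that is not code from smstools, libmm or the bug report: instead of handing libmm a tempnam(0,0) result in the shared /tmp, the caller creates a mode-0700 directory with mkdtemp(3) and passes a base name inside it, so the ".mem" name libmm derives cannot be pre-created by another user. The "smsd-stats-" directory prefix and the function names are assumptions.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a private directory (mkdtemp: mode 0700, name picked at create
 * time, not guessable beforehand) and write its path into `dir`.
 * The "smsd-stats-" prefix is an assumption. Returns 0, or -1 on error. */
int make_private_stats_dir(char *dir, size_t n)
{
    const char *tmpdir = getenv("TMPDIR");
    if (tmpdir == NULL || *tmpdir == '\0')
        tmpdir = "/tmp";
    if (snprintf(dir, n, "%s/smsd-stats-XXXXXX", tmpdir) >= (int)n)
        return -1;
    return mkdtemp(dir) == NULL ? -1 : 0;   /* atomic: never reuses a planted dir */
}

/* 1 if `dir` is a directory we own with no group/other permission bits,
 * so nobody else can pre-create "stats.mem" inside it. */
int dir_is_private(const char *dir)
{
    struct stat st;
    if (lstat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;
    return st.st_uid == getuid() && (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

/* The sequence stats.c could run instead of tempnam(0,0): private dir,
 * base name "<dir>/stats", the O_EXCL create that libmm performs on the
 * ".mem"-suffixed name, then cleanup. Returns 1 on success, 0 otherwise. */
int demo_create_private_stats_file(void)
{
    char dir[PATH_MAX], path[PATH_MAX];
    if (make_private_stats_dir(dir, sizeof dir) != 0 || !dir_is_private(dir))
        return 0;
    snprintf(path, sizeof path, "%s/stats.mem", dir);  /* what libmm derives */
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
    int ok = fd != -1;
    if (ok) { close(fd); unlink(path); }
    rmdir(dir);
    return ok;
}
```

The O_EXCL open now only ever competes with the process's own directory contents; a shared directory such as /tmp fails the dir_is_private() check, which is the situation the tempnam() call produces.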