[klibc] [oss-security] CVE request: klibc: ipconfig sh script with unescaped DHCP options
max at stro.at
Wed May 18 13:29:33 PDT 2011
On Wed, May 18, 2011 at 04:13:05PM -0400, Dan Rosenberg wrote:
> Might it be worth fixing the insecure temporary file usage?
> 122 snprintf(fn, sizeof(fn), "/tmp/net-%s.conf", dev->name);
> 123 f = fopen(fn, "w");
> What if someone else has already created that file, or put a symlink
> or hard link there?
for the initramfs case I don't see how.
outside of initramfs usage I'd agree that this needs fixing.
> What if someone overwrites your string with
> command injection characters despite your stripping?
please be more verbose, what example do you have in mind?
thank you for the review.
More information about the klibc