--- muttprint-0.72d/muttprint 2008/11/27 20:21:34 235 +++ muttprint-0.72d/muttprint 2008/12/25 14:26:39 236 @@ -38,6 +46,9 @@ use POSIX; use Text::Wrap; use File::Temp qw(tempdir); +use File::Temp qw(tempfile); +use File::Spec qw(tmpdir); +use File::stat qw(stat); use utf8; # boolean type @@ -1122,21 +1131,49 @@ } } -sub createTemp () { - # - # temp directory / temp files - $Temp{dir} = tempdir("muttprint-XXXXXX", TMPDIR => 1, CLEANUP => 1); - $Temp{content} = "$Temp{dir}/content"; - $Temp{latex} = "$Temp{dir}/mail.tex"; - $Temp{logf} = "/tmp/muttprint.log"; - $Temp{dvi} = "$Temp{dir}/mail.dvi"; - $Temp{ps} = "$Temp{dir}/mail.ps"; - $Temp{psnew} = "$Temp{dir}/mail-new.ps"; - $Temp{ps1} = "$Temp{dir}/mail1.ps"; - $Temp{ps2} = "$Temp{dir}/mail2.ps"; - $Temp{xf_raw} = "$Temp{dir}/xface.raw"; - $Temp{xf_xbm} = "$Temp{dir}/xface.xbm"; - $Temp{xf_eps} = "$Temp{dir}/xface.eps"; +sub createTemp () +{ ## set temporary directories and files ## + + my $logf = "/tmp/muttprint.log"; + + if (-e $logf) + { ## 2008-12-24 -- Lukas Ruf + # close CVE-2008-5368 -- muttprint vulnerable to symlink attack + # ensure "/tmp/muttprint.log" adheres to the following constraints + # - owner is current user + # - only real files are allowed + # if any of these fail, create a temporary file by use of tempfile() + + ## check ownership ## + my $stat = stat($logf) || die "ERROR: no $logf"; + my $is_owner = $stat->uid == $< || $stat->uid == $>; + my $is_regfile = (-f $logf); + + ## adjust the logfile if any of those checks fails ## + if (!$is_owner || !$is_regfile) + { ## create a temporary logfile ## + my $logfh = 0; + ($logfh, $logf) = tempfile("muttprint-XXXXXX", UNLINK => 0, SUFFIX => ".log"); + + my $logd = File::Spec->tmpdir(); + $logf = "$logd"."/"."$logf"; + close $logfh || die "ERROR: closing $logf"; + } + } + + $Temp{dir} = tempdir("muttprint-XXXXXX", TMPDIR => 1, CLEANUP => 1); + $Temp{content} = "$Temp{dir}/content"; + $Temp{latex} = "$Temp{dir}/mail.tex"; + $Temp{logf} = "$logf"; + $Temp{dvi} = "$Temp{dir}/mail.dvi"; + $Temp{ps} = "$Temp{dir}/mail.ps"; + $Temp{psnew} = "$Temp{dir}/mail-new.ps"; + $Temp{ps1} = "$Temp{dir}/mail1.ps"; + $Temp{ps2} = "$Temp{dir}/mail2.ps"; + $Temp{xf_raw} = "$Temp{dir}/xface.raw"; + $Temp{xf_xbm} = "$Temp{dir}/xface.xbm"; + $Temp{xf_eps} = "$Temp{dir}/xface.eps"; + } ##############################################################################