After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 130092 - insecure temporary file creation
insecure temporary file creation
Status: RESOLVED OBSOLETE
Product: gnome-vfs
Classification: Deprecated
Component: Module: vfolder
cvs (head)
Other All
: Urgent major
: ---
Assigned To: gnome-vfs maintainers
gnome-vfs maintainers
Depends on:
Blocks:
 
 
Reported: 2003-12-27 19:22 UTC by Martijn Vernooij
Modified: 2005-05-10 17:00 UTC
See Also:
GNOME target: ---
GNOME version: 2.9/2.10


Description Martijn Vernooij 2003-12-27 19:22:34 UTC 
modules/vfolder/vfolder-info.c, line 350
                                                                          
                                                                          
                                                                            
        tmpfile = g_strdup_printf ("%s.tmp-%d",
                                   info->filename,
                                   (int) (tv.tv_sec ^ tv.tv_usec));
                                                                          
                                                                          
                                                                            
while in libgnomevfs/gnome-vfs-private-utils.c there is a function
gnome_vfs_create_temp that does this securely.
                                                                          
                                                                          
                                                                            
Depending on the location of the file, this may not be that hazardous, but
still it is not on the safe side and it provides another source for
unsecure cut and paste code.
                                                                          
                                                                          
                                                                            
And then there's the scripts in modules/extfs. Here's to hoping these are
never used..
Comment 1 Luis Villa 2003-12-30 16:04:23 UTC 
See comments on bug 130091. :) Thanks...
Comment 2 Christian Neumair 2005-05-10 17:00:43 UTC 
Thanks for your bug report! The vfolder module has been removed in GNOME-VFS
2.10, though, so this one isn't relevant anymore.
We'd still appreciate any future bug reports :).