796764 – make check: hardcoded filenames in /tmp, vulnerable to symlink attacks

Bug 796764 - make check: hardcoded filenames in /tmp, vulnerable to symlink attacks

Summary: make check: hardcoded filenames in /tmp, vulnerable to symlink attacks

Status:	NEW

Alias:	None

Product:	GnuCash
Classification:	Unclassified
Component:	Build system (show other bugs)
Version:	git-maint
Hardware:	PC Linux

Importance:	Normal critical
Target Milestone:	---
Assignee:	core
QA Contact:	core

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2018-07-15 19:56 EDT by Vincent Lefevre
Modified:	2018-07-17 04:11 EDT (History)
CC List:	4 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Vincent Lefevre 2018-07-15 19:56:24 EDT

The "make check" tests use hardcoded filenames in /tmp, making "make check" vulnerable to symlink attacks (for systems that do not have special protection) in particular.

For instance, create a symbolic link /tmp/test-trep-null-test.html to some existing file (with write permission). Then "make check" follows the symlink and overwrites this file.

The test system should create a subdirectory of /tmp, make sure that the creation succeeded, and create all temporary files in it.

Comment 1 Christopher Lam 2018-07-16 11:19:49 EDT

Erm these files are only created on devs' machines for testing, and travis which creates VMs from scratch.

It would require a motivated dev to create symlinks in /tmp to sabotage their own machine. Who would do such a thing?

Comment 2 Vincent Lefevre 2018-07-17 04:11:00 EDT

Not just on devs' machines, on any machine an end user wishes to build GnuCash, and such a machine may be a machine shared among several users.

Note You need to log in before you can comment on or make changes to this bug.