← Back to team overview

openjdk team mailing list archive

  1. openjdk team
  2. Mailing list archive
  3. Message #09813

Bug#737562: unpack200: insecure use of /tmp

  Thread PreviousDate PreviousThread Next 
Package: openjdk-7-jre-headless
Version: 7u51-2.4.5-1
Tags: security
If unpack200 cannot open logfile, it creates a file in /tmp in an insecure way: 

$ strace -o '| grep /tmp' unpack200 --log-file=/cannot/open test.pack.gz test.jar
open("/tmp/unpack.log", O_RDWR|O_CREAT|O_APPEND, 0666) = 3


-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 3.12-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openjdk-7-jre-headless:i386 depends on:
ii  ca-certificates-java  20130815
ii  java-common           0.51
ii  libc6                 2.18-0experimental1
ii  libcups2              1.7.1-3
ii  libfontconfig1        2.11.0-2
ii  libfreetype6          2.5.2-1
ii  libgcc1               1:4.9-20140122-1
ii  libglib2.0-0          2.36.4-1
ii  libjpeg8              8d-2
ii  libkrb5-3             1.12+dfsg-2
ii  liblcms2-2            2.2+git20110628-2.3+b1
ii  libnss3               2:3.15.3.1-1.1
ii  libpcsclite1          1.8.10-1
ii  libstdc++6            4.9-20140122-1
ii  multiarch-support     2.18-0experimental1
ii  tzdata-java           2013i-1
ii  zlib1g                1:1.2.8.dfsg-1

--
Jakub Wilk
  Thread PreviousDate PreviousThread Next