Issue 33357 - Insecure permissions on temporary files at runtime
Summary: Insecure permissions on temporary files at runtime
Status: CLOSED FIXED
Alias: None
Product: General
Classification: Code
Component: code (show other issues)
Version: OOo 1.1.2
Hardware: PC Linux, all
: P2 Trivial (vote)
Target Milestone: OOo 1.1.3
Assignee: Mathias_Bauer
QA Contact: issues@framework
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-08-24 15:38 UTC by pmladek
Modified: 2004-09-29 11:19 UTC (History)
6 users (show)

See Also:
Issue Type: DEFECT
Latest Confirmation in: ---
Developer Difficulty: ---

Attachments
a fix. (7.67 KB, patch)
2004-08-30 15:03 UTC, mmeeks 		no flags Details | Diff
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.
Description pmladek 2004-08-24 15:38:43 UTC 
When OOo is started, a directory /tmp/sv<RAND>.tmp is created, where
RAND is a 3 character random string. 

The permissions of this directory allow other users (depending on the user's
umask) to 'cd' to this directory and list the contents.

Once a file is saved, a zipped file is created in /tmp/sv<RAND>.tmp and the
name of the file follows the same convention. The permissions of the file
allow others (depending on the user's umask) to read the content.

Due to this any user can grab sensitive information of someother user.

Steps to reproduce the problem:
1. Launch OpenOffice.
2. List /tmp contents. Locate the directory 'sv*.tmp'
3. Type in some contents in the document and save it.
4. List the contents of the directory /tmp/sv*.tmp/
5. Do not close OpenOffice. 'su' to a different user.
6. Copy the file under /tmp/sv*.tmp/ to home directory.
7. Use 'unzip' to unzip the files.
8. The file content.xml holds the data the user had just saved.

The workaround is to set more secure umask. The problem is that the users does
not know about it. Why should they need to set more strict umask if they save
its data in a directory which has the correct permissions. They do not expect
that there are any world-readable temporary data available somewhere on the system.
Comment 1 pavel 2004-08-24 17:09:21 UTC 
raising prio, security/privacy issue.
Comment 2 thorsten.martens 2004-08-26 09:42:18 UTC 
TM->MAV: Please have a look, thanks !
Comment 3 mmeeks 2004-08-30 15:03:49 UTC 
Created attachment 17436 [details]
a fix.
Comment 4 mikhail.voytenko 2004-08-31 16:06:44 UTC 
MAV->MBA: sending to as discussed.
Comment 5 Mathias_Bauer 2004-09-02 15:39:21 UTC 
Thanks for the patch, but we already had found the problem by ourselves and
solved it in a slightly different way.
We don't want to add exported functions to the sal library in a hurry, so we
"hacked" the umask in unotools/source/ucbhelper/tempfile.cxx. This is ugly, but
gives us some time to think about the desired osl-Interface that we will use in
OOo2.0 then.
Comment 6 Mathias_Bauer 2004-09-29 11:19:59 UTC 
.