Subject: bin/23678: send-pr could be a little more secure
To: None <>
From: Christian Biere <>
List: netbsd-bugs
Date: 12/06/2003 19:52:00
>Number:         23678
>Category:       bin
>Synopsis:       send-pr could be a little more secure
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Sat Dec 06 19:53:00 UTC 2003
>Release:        NetBSD 1.6ZF
System: NetBSD cyclonus 1.6ZF NetBSD 1.6ZF (STARSCREAM) #0: Sun Nov 30 01:56:21 CET 2003 bin@cyclonus:/usr/build/obj/sys/arch/i386/compile/STARSCREAM i386
Architecture: i386
Machine: i386
Although, it's strictly discouraged to mail confidential PRs to GNATS ATM,
send-pr could be a little more secure. E.g., I would use to create the
mail and mail it to the security-officer. Imagine, the admin finds a
security bug and uses send-pr to report. Unless the admin hasn't set
TMPDIR to a private directory and/or uses umask 077 any local user can
read the PR for a short time before it's mailed or much longer in case
sendmail fails resp. send-pr is aborted to procede with the method
mentioned above. Further, it's recommended to use mktemp for temporary
files - which also creates files with mode 600.


Use send-pr and look in $TMPDIR.


--- send-pr	2003-11-29 23:29:54.000000000 +0100
+++ send-pr	2003-12-06 20:36:23.000000000 +0100
@@ -20,6 +20,9 @@
 # along with GNU GNATS; see the file COPYING.  If not, write to
 # the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
+# Be paranoid per default; this might be a confidential PR.
+umask 077
 # The version of this send-pr.
@@ -82,9 +85,19 @@
+if [ ! -x "`command -v mktemp`" ]; then
+	echo 'mktemp not found; send-pr will use more predictable temporary files.'
+	echo 'Press <ENTER> to continue...'
+	read input
+	BAD=$TMPDIR/pbad$$
+	REF=$TMPDIR/pf$$
+	TEMP=`mktemp -t p$$` || exit
+	BAD=`mktemp -t pbad$$` || exit
+	REF=`mktemp -t pf$$` || exit
 # find a user name
 if [ "$LOGNAME" = "" ]; then