[OE-core] [PATCH] patch.bbclass: Use one TMPDIR per patching process
Richard Purdie
richard.purdie at linuxfoundation.org
Fri Sep 14 11:50:50 UTC 2012
On Fri, 2012-09-14 at 13:28 +0200, Enrico Scholz wrote:
> Constantin Musca
> <constantinx.musca-ral2JQCrhuEAvxtiuMwx3w at public.gmane.org> writes:
>
> > + process_tmpdir = os.path.join('/tmp', str(os.getpid()))
> > + if os.path.exists(process_tmpdir):
> > + shutil.rmtree(process_tmpdir)
> > + os.makedirs(process_tmpdir)
>
> ooohhhh... this violates trivial rules regarding secure generation of
> tempfiles. Better use 'mkdtemp()' from the 'tempfile' module.
The problem is that the internal temp directory creation inside patch
can be broken. We *really* don't want to start building patch-native so
this workaround gives patch a fighting chance of not conflicting with
other instances of itself. Its only being used as a prefix, not as the
full directory path name so it isn't quite as insecure as it would first
appear.
I'm fine if we want to use the mkdtemp approach though and further
randomise this. I'd also suggest any updated version adds a comment to
the code about *why* we need a separate TMPDIR and which versions of
patch have this problem.
Cheers,
Richard
More information about the Openembedded-core
mailing list