openoffice --- document disclosure
NAKATA Maho
chat95 at mac.com
Tue Sep 14 14:43:03 PDT 2004
In Message-ID: <20040914022410.GA83483 at madman.celabo.org>
"Jacques A. Vidrine" <nectar at FreeBSD.org> wrote:
Hello nectar, and portmgr
portmger: I would like to fix this problem as soon as possible,
I confirmed that this security vulenrablity was fixed with patch.
please approve
o adding /usr/ports/editors/openoffice-1.1/files/patch-security-tmp-dir
change Makefile to:
o fcvs diff -u Makefile
Index: Makefile
===================================================================
RCS file: /home/pcvs/ports/editors/openoffice-1.1/Makefile,v
retrieving revision 1.164
diff -u -r1.164 Makefile
--- Makefile 31 Aug 2004 12:09:57 -0000 1.164
+++ Makefile 14 Sep 2004 21:42:23 -0000
@@ -36,6 +36,8 @@
USE_BISON= yes
USE_GMAKE= yes
USE_REINPLACE= yes
+#mozilla 1.0 seems to have security vulnerability
+WITHOUT_MOZILLA= yes
.if !defined(WITHOUT_JAVA)
USE_JAVA= 1.4+
----------------------------------------------------------------------
> This issue seems reasonably serious to me:
> http://vuxml.freebsd.org/c62dc69f-05c8-11d9-b45d-000c41e2cdad.html
okay. thank you very much for your report.
One point.
Affected packages
0 <= ar-openoffice
0 <= ca-openoffice
0 <= cs-openoffice
0 <= de-openoffice
0 <= dk-openoffice
0 <= el-openoffice
0 <= es-openoffice
0 <= et-openoffice
0 <= fi-openoffice
0 <= fr-openoffice
0 <= gr-openoffice
0 <= hu-openoffice
0 <= it-openoffice
0 <= ja-openoffice
0 <= ko-openoffice
0 <= nl-openoffice
0 <= openoffice
0 <= pl-openoffice
0 <= pt-openoffice
0 <= pt_BR-openoffice
0 <= ru-openoffice
0 <= se-openoffice
0 <= sk-openoffice
0 <= sl-openoffice-SI
0 <= tr-openoffice
0 <= zh-openoffice-CN
0 <= zh-openoffice-TW
openoffice and not openoffice-1.1?
I think they should be *-openoffice-1.1-*.
Currently I don't want to maintain OOo 1.0.3 ports since
they shoule be obsolated, also openoffice-1.0 might not
build for 5.3-RELEASE since there is a change in make(1).
> Is it possible to have the OpenOffice ports patched before 5.3-RELEASE?
I will commit the patch (slightly changed, though) by mmeeks
at the IZ: http://www.openoffice.org/issues/show_bug.cgi?id=33357
This patch was committed and confirmed that this risk is avoided.
1. Launch OpenOffice.
2. List /tmp contents. Locate the directory 'sv*.tmp'
3. Type in some contents in the document and save it.
4. List the contents of the directory /tmp/sv*.tmp/
5. Do not close OpenOffice. 'su' to a different user.
6. Copy the file under /tmp/sv*.tmp/ to home directory.
-> Now Permission denied.
BTW:
OOo uses mozilla 1.0 runtime, and it also has security vulnerability.
portsaudit tells and some discussios somewhere at opneoffice at freebsd.org
and freebsd-users-jp at jp.freebsd.org (in Japanese).
I'll mark as WITHOUT_MOZILLA for a while so as to avoid this problem also.
http://www.FreeBSD.org/ports/portaudit/730db824-e216-11d8-9b0a-000347a4fa7d.html
http://www.FreeBSD.org/ports/portaudit/f9e3e60b-e650-11d8-9b0a-000347a4fa7d.html
http://www.FreeBSD.org/ports/portaudit/abe47a5a-e23c-11d8-9b0a-000347a4fa7d.html
Best regards,
--nakata maho
More information about the freebsd-openoffice
mailing list