This patch fixes a security issue in OSSP mm 1.1.3 where a race condition existed in the creation of temporary files. This is fixed in OSSP mm 1.2.0 and higher. This patch file is intended for package maintainers only who need to apply the security fix to their old packages (based on version 1.1.3). All other people should use 1.2.0 or higher. Index: mm_core.c =================================================================== RCS file: /e/ossp/cvs/ossp-pkg/mm/mm_core.c,v retrieving revision 1.10 diff -u -d -r1.10 mm_core.c --- mm_core.c 17 Mar 2000 16:54:08 -0000 1.10 +++ mm_core.c 26 Jul 2002 11:25:16 -0000 @@ -249,7 +249,7 @@ #if defined(MM_SHMT_MMPOSX) shm_unlink(fnmem); /* Ok when it fails */ - if ((fdmem = shm_open(fnmem, O_RDWR|O_CREAT, MM_CORE_FILEMODE)) == -1) + if ((fdmem = shm_open(fnmem, O_RDWR|O_CREAT|O_EXCL, MM_CORE_FILEMODE)) == -1) FAIL(MM_ERR_CORE|MM_ERR_SYSTEM, "failed to open tempfile"); if (ftruncate(fdmem, mm_core_mapoffset+size) == -1) FAIL(MM_ERR_CORE|MM_ERR_SYSTEM, "failed to truncate tempfile"); @@ -275,7 +275,7 @@ #if defined(MM_SHMT_MMFILE) unlink(fnmem); - if ((fdmem = open(fnmem, O_RDWR|O_CREAT, MM_CORE_FILEMODE)) == -1) + if ((fdmem = open(fnmem, O_RDWR|O_CREAT|O_EXCL, MM_CORE_FILEMODE)) == -1) FAIL(MM_ERR_CORE|MM_ERR_SYSTEM, "failed to open memory file"); if (ftruncate(fdmem, mm_core_mapoffset+size) == -1) FAIL(MM_ERR_CORE|MM_ERR_SYSTEM, "failed to truncate memory file"); @@ -303,13 +303,13 @@ #if defined(MM_SEMT_FLOCK) unlink(fnsem); - if ((fdsem = open(fnsem, O_RDWR|O_CREAT, MM_CORE_FILEMODE)) == -1) + if ((fdsem = open(fnsem, O_RDWR|O_CREAT|O_EXCL, MM_CORE_FILEMODE)) == -1) FAIL(MM_ERR_CORE|MM_ERR_SYSTEM, "failed to open semaphore file"); #endif /* MM_SEMT_FLOCK */ #if defined(MM_SEMT_FCNTL) unlink(fnsem); - if ((fdsem = open(fnsem, O_RDWR|O_CREAT, MM_CORE_FILEMODE)) == -1) + if ((fdsem = open(fnsem, O_RDWR|O_CREAT|O_EXCL, MM_CORE_FILEMODE)) == -1) FAIL(MM_ERR_CORE|MM_ERR_SYSTEM, "failed to open semaphore file"); #endif /* MM_SEMT_FCNTL */