
[#11756] security: do not use sys_get_temp_dir()
Summary: security: do not use sys_get_temp_dir()
Queue: Horde Framework Packages
Queue Version: Git master
Type: Bug
State: Resolved
Priority: 2. Medium
Owners: jan (at) horde (dot) org
Requester: enrico.scholz (at) sigma-chemnitz (dot) de
Created: 11/25/2012 (4612 days ago)
Due:
Updated: 02/01/2016 (3449 days ago)
Assigned:
Resolved: 02/01/2016 (3449 days ago)
Github Issue Link:
Github Pull Request:
Milestone:
Patch: No

History
02/01/2016 05:09:19 PM Jan Schneider Assigned to Jan Schneider
State ⇒ Resolved
 
02/01/2016 05:08:50 PM Git Commit Comment #5
Changes have been made in Git (master):

commit f41dc10b1a23e0f16e7aca04aa20b1df4d43b3f0
Author: Jan Schneider <jan@horde.org>
Date:   Mon Feb 1 17:31:07 2016 +0100

     Use configured temporary directory (Request #11756).

  .../Core/lib/Horde/Core/Factory/MimeViewer.php     |    1 +
  .../Mime_Viewer/lib/Horde/Mime/Viewer/Ooo.php      |    7 +++----
  framework/Mime_Viewer/package.xml                  |    2 ++
  3 files changed, 6 insertions(+), 4 deletions(-)

http://github.com/horde/horde/commit/f41dc10b1a23e0f16e7aca04aa20b1df4d43b3f0
11/26/2012 03:57:46 PM enrico (dot) scholz (at) sigma-chemnitz (dot) de Comment #4
Configure the temp directory in horde's configuration.
How can it be configured for cases like:

/usr/share/pear/Horde/Mime/Viewer/Ooo.php:            $tmpdir = Horde_Util::createTempDir(true);

----

     static public function createTempDir($delete = true, $temp_dir = null)
     {
         if (is_null($temp_dir)) {
             $temp_dir = sys_get_temp_dir();
         }

11/25/2012 10:44:05 PM Jan Schneider Comment #3
State ⇒ Not A Bug
Configure the temp directory in horde's configuration.
11/25/2012 10:01:33 PM enrico (dot) scholz (at) sigma-chemnitz (dot) de Comment #2 Reply to this comment
There is an upstream PHP report which has been open for more than 4 years: 
https://bugs.php.net/bug.php?id=44972

So, do not wait on PHP to fix this...
11/25/2012 09:58:38 PM enrico (dot) scholz (at) sigma-chemnitz (dot) de Comment #1
Priority ⇒ 2. Medium
Type ⇒ Bug
Summary ⇒ security: do not use sys_get_temp_dir()
Queue ⇒ Horde Framework Packages
Milestone ⇒
Patch ⇒ No
State ⇒ Unconfirmed
Horde places files with hardcoded names (e.g. 'horde_cache_gc' or 
'passwd.lock') into the directory returned by sys_get_temp_dir().   
Unfortunately, this function is broken by always returning the 
world-writable /tmp directory and there is no way to change this (I am 
aware of modifying the TMPDIR environment variable, but this requires 
changes in the apache startup script affecting the whole apache server 
including unrelated vhosts).

Having cache data in /tmp requires adding this directory to 
'open_basedir', which opens vectors for other security holes.

There are functional problems too when different vhosts with perhaps 
different horde versions are accessing the same /tmp/horde_cache_gc 
file.

You should replace all occurrences of sys_get_temp_dir() with a 
utility function which returns e.g.

    getenv('TMPDIR') ? getenv('TMPDIR') : sys_get_temp_dir()

So, TMPDIR can be configured per vhost/directory in the apache configuration.
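The utility function proposed in Comment #1, and the `createTempDir()` fallback quoted in Comment #4, can be combined into one resolver that prefers an explicitly configured directory, then the per-vhost TMPDIR, and only then `sys_get_temp_dir()`. The following is an added example written for this page; it is not Horde's code, and the function names `resolveTempDir`, `isSharedDir` and `createPrivateTempFile` are assumptions. It also avoids the hardcoded file names the report objects to by using `tempnam()`, and it checks that `tempnam()` did not silently fall back to the system temp directory, which it does when the requested directory is unusable.

```php
<?php
// Added example, not Horde's code. Resolves a temp directory in the order
// configured value > TMPDIR environment variable > sys_get_temp_dir(),
// and only accepts a candidate that exists and is writable.
function resolveTempDir(?string $configured = null): string
{
    $candidates = [];
    if ($configured !== null && $configured !== '') {
        $candidates[] = $configured;      // e.g. a value from Horde's config (assumed)
    }
    $envTmp = getenv('TMPDIR');
    if ($envTmp !== false && $envTmp !== '') {
        $candidates[] = $envTmp;          // can be set per vhost, e.g. via SetEnv
    }
    $candidates[] = sys_get_temp_dir();   // last resort, normally /tmp

    foreach ($candidates as $dir) {
        if (is_dir($dir) && is_writable($dir)) {
            return rtrim($dir, DIRECTORY_SEPARATOR);
        }
    }
    throw new RuntimeException('No writable temporary directory available');
}

// True when other local users can create files in $dir (the "others" write
// bit is set), i.e. the situation the report describes for /tmp. Hardcoded
// file names must not be used in such a directory.
function isSharedDir(string $dir): bool
{
    $perms = fileperms($dir);
    if ($perms === false) {
        return true;                      // unknown permissions: treat as shared
    }
    return ($perms & 0002) !== 0;
}

// Creates a uniquely named file in $dir. tempnam() already creates the file
// with mode 0600, but it falls back to the system temp directory when $dir
// is not writable, so the returned path is verified against $dir.
function createPrivateTempFile(string $dir, string $prefix): string
{
    $path = tempnam($dir, $prefix);
    if ($path === false) {
        throw new RuntimeException("Cannot create temporary file in $dir");
    }
    if (realpath(dirname($path)) !== realpath($dir)) {
        unlink($path);                    // tempnam() fell back to another directory
        throw new RuntimeException("tempnam() did not honour directory $dir");
    }
    chmod($path, 0600);                   // defensive, in case of a non-default umask
    return $path;
}

// Demonstration: no configured value here, so TMPDIR (if set) wins over /tmp.
$dir = resolveTempDir(null);
if (isSharedDir($dir)) {
    error_log("warning: $dir is world-writable; only unpredictable file names are used");
}
$file = createPrivateTempFile($dir, 'horde_');
echo "created $file", PHP_EOL;
unlink($file);
```

Run with `TMPDIR=/var/lib/horde/tmp php example.php` (directory name assumed) to see the per-vhost directory take precedence; without TMPDIR the script falls through to `sys_get_temp_dir()` and logs the world-writable warning on a typical /tmp.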

