 |
wireguard-tools-0.0.20180413-alt2.M80P.1.x86_64 |
unsafe-tmp-usage-in-scripts |
info |
The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/wireguard-tools-0.0.20180413/examples/ncat-client-server/client.sh: $ grep -A5 -B5 /tmp/ /usr/share/doc/wireguard-tools-0.0.20180413/examples/ncat-client-server/client.sh # Copyright (C) 2015-2018 Jason A. Donenfeld . All Rights Reserved. set -e [[ $UID == 0 ]] || { echo "You must be root to run this."; exit 1; } umask 077 trap 'rm -f /tmp/wg_private_key' EXIT INT TERM exec 3<>/dev/tcp/demo.wireguard.com/42912 wg genkey | tee /tmp/wg_private_key | wg pubkey >&3 IFS=: read -r status server_pubkey server_port internal_ip <&3 [[ $status == OK ]] ip link del dev wg0 2>/dev/null || true ip link add dev wg0 type wireguard wg set wg0 private-key /tmp/wg_private_key peer "$server_pubkey" allowed-ips 0.0.0.0/0 endpoint "demo.wireguard.com:$server_port" persistent-keepalive 25 ip address add "$internal_ip"/24 dev wg0 ip link set up dev wg0 if [ "$1" == "default-route" ]; then host="$(wg show wg0 endpoints | sed -n 's/.*\t\(.*\):.*/\1/p')" ip route add $(ip route get $host | sed '/ via [0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/{s/^\(.* via [0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\).*/\1/}' | head -n 1) 2>/dev/null || true |