[aur-general] TU Application: Daniel Bermond (dbermond)

Daniel Bermond danielbermond at gmail.com
Mon Oct 15 03:22:42 UTC 2018


On 10/14/18 7:10 PM, Levente Polyak via aur-general wrote:
> Hi Daniel,
>
> On 10/14/18 9:49 PM, Daniel Bermond via aur-general wrote:
>> I have a project of my own called screencast[4], which is a command line interface to record a X11 desktop using FFmpeg, having support for offline recording, live streaming and the capability of adding some effects. It's written in pure POSIX/portable shellscript.
>
> Just took some seconds of reading screencast and I noticed the following
> that you may want to fix as i didn't spot in a 10sec lookup what would
> mitigate the following:
>
> https://github.com/dbermond/screencast/blob/HEAD/src/settings_general.sh#L31
>
> You are using /tmp here, you should replace processing with a safe user
> owned directory acquired by `mktemp`.
>
> The reason:
>
> Its vulnerable to symlink attacks, you can delete arbitrary user owned
> files via:
> https://github.com/dbermond/screencast/blob/HEAD/src/system.sh#L31
>
> Or steal secret data like ssh or gnupg secret keys by moving it outside
> of a user-only accessible folder via a `mv` gadget:
>
> https://github.com/dbermond/screencast/blob/HEAD/src/system.sh#L40
>
> cheers,
> Levente

Hi Levente,

Thank you for pointing this out!

Although mktemp is not defined by the POSIX specification, it passes the
shellcheck POSIX test with /bin/sh. I think it will not defeat the POSIX
purpose of the script. Googling for it suggests that it's present
everywhere nowadays. I can check for its presence on the system and use
it if available, otherwise fall back to the poor /tmp or something else.

I'll be implementing this as soon as I can, and also some of Eli's suggestions.

-- 
Best regards,
Daniel Bermond
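As an added illustration of the approach discussed above (check for mktemp, otherwise fall back to something safer than a fixed name under /tmp), the following is example code, not part of this thread and not screencast's own code. It assumes POSIX sh, mktemp(1) where present, and uses mkdir(1) as the fallback: mkdir without -p creates atomically and fails if the path already exists, so a symlink or directory planted in advance by another user is never adopted. The function names, the "screencast" prefix and the ownership check are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not screencast's code: replace a fixed path under /tmp
# with a fresh per-run directory that only the current user can enter.
# Assumptions: POSIX sh; mktemp(1) used when present, otherwise a
# fallback built on mkdir(1), which creates atomically and fails if the
# path already exists, so a pre-planted symlink or directory is never
# adopted. Function names and the "screencast" prefix are illustrative.
# Variables are prefixed with _ because "local" is not POSIX.

# tmpdir_is_private DIR
# Returns 0 if DIR is a real directory (not a symlink) owned by the
# calling user, 1 otherwise. Used as a check after creation.
tmpdir_is_private() {
    [ ! -L "$1" ] || return 1
    # find without -H/-L does not follow symlinks, -prune stops at DIR
    # itself, -user matches the owner; anything printed means "ok".
    [ -n "$(find "$1" -prune -type d -user "$(id -un)" 2>/dev/null)" ]
}

# mkdir_fallback_tmpdir [PREFIX]
# Fallback for systems without mktemp: try random names under
# ${TMPDIR:-/tmp} until mkdir succeeds. umask 077 makes the new
# directory mode 0700.
mkdir_fallback_tmpdir() {
    _fb_prefix="${1:-screencast}"
    _fb_base="${TMPDIR:-/tmp}"
    _fb_old_umask="$(umask)"
    _fb_dir=''
    _fb_try=0
    umask 077
    while [ "$_fb_try" -lt 100 ]; do
        # 32 random bits from /dev/urandom; if unavailable, fall back to
        # the attempt counter (documented weakness of the fallback path).
        _fb_rand="$(od -An -N4 -tu4 /dev/urandom 2>/dev/null | tr -d ' ' || true)"
        _fb_cand="${_fb_base}/${_fb_prefix}.$$.${_fb_rand:-$_fb_try}"
        # mkdir refuses an existing path, so a planted name just makes
        # us retry with another random one.
        if mkdir "$_fb_cand" 2>/dev/null; then
            _fb_dir="$_fb_cand"
            break
        fi
        _fb_try=$((_fb_try + 1))
    done
    umask "$_fb_old_umask"
    [ -n "$_fb_dir" ] || return 1
    printf '%s\n' "$_fb_dir"
}

# create_private_tmpdir [PREFIX]
# Prints the path of a new mode-0700 directory. Prefers mktemp -d, which
# creates the directory atomically with mode 0700; otherwise uses
# mkdir_fallback_tmpdir. Refuses to hand back anything that fails
# tmpdir_is_private.
create_private_tmpdir() {
    _cp_prefix="${1:-screencast}"
    if command -v mktemp >/dev/null 2>&1; then
        _cp_dir="$(mktemp -d "${TMPDIR:-/tmp}/${_cp_prefix}.XXXXXX")" || return 1
    else
        _cp_dir="$(mkdir_fallback_tmpdir "$_cp_prefix")" || return 1
    fi
    tmpdir_is_private "$_cp_dir" || return 1
    printf '%s\n' "$_cp_dir"
}

# Usage pattern for a script's entry point:
#   workdir="$(create_private_tmpdir screencast)" || exit 1
#   trap 'rm -rf "$workdir"' EXIT INT TERM
# Every later rm/mv then operates inside "$workdir" only, never on a
# name under /tmp that another user could have created first.
```

The point of the ownership check is defence in depth: even after a correct mktemp or mkdir, the script refuses to continue if the path it is about to rm or mv inside is a symlink or belongs to someone else, which is exactly the condition that turns a cleanup into arbitrary deletion or a key exfiltration.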

