Discussion:
Issue with tin and pam_mktemp
Urs Janßen
2012-06-20 17:27:00 UTC
I'm having an issue with tin on a Linux system with PAM and pam_mktemp. This
module creates per-user directories under /tmp/.private/$USER instead of using
/tmp directory, for security reasons.
gpg: can't open `/tmp/.private/marcotin-26365.pt': No such file or directory
gpg: /tmp/.private/marcotin-26365.pt: clearsign failed: No such file or directory
where `tin-26365.pt` should be preceded by a "/".
I haven't looked at pam_mktemp, but I guess it returns the dirname
(/tmp/.private/$USER) without a trailing /, while tin assumes at several
locations in the code that $TMPDIR or _PATH_TMP is set or defined with a
trailing /.
This patch (against tin-2.1.0) should fix your issue (untested!).

=== modified file 'include/tin.h'
--- include/tin.h 2012-06-07 14:29:14 +0000
+++ include/tin.h 2012-06-20 17:22:12 +0000
@@ -581,11 +581,11 @@
#ifdef HAVE_LONG_FILE_NAMES
# define PATH_PART "part"
# define PATH_PATCH "patch"
-# define INDEX_LOCK "%stin.%s.LCK"
+# define INDEX_LOCK "tin.%s.LCK"
#else
# define PATH_PART ""
# define PATH_PATCH "p"
-# define INDEX_LOCK "%s%s.LCK"
+# define INDEX_LOCK "%s.LCK"
#endif /* HAVE_LONG_FILE_NAMES */

/*
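Review bot: INDEX_LOCK changes from a two-argument format (directory, user id) to a one-argument basename format, and nothing at the definition records that. Only the init.c call site is visible on this page, so any other user of the macro that still passes TMPDIR first would format the directory string as the user id. A short comment above both variants would make the contract explicit, for example `/* basename only, one %s (userid); prefix the directory with joinpath() */`. The same applies to HEADERS, PLAINTEXT, CIPHERTEXT and KEYFILE in the first src/pgp.c hunk, which lose their leading `%s` in the same way.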

=== modified file 'src/init.c'
--- src/init.c 2012-05-17 12:34:01 +0000
+++ src/init.c 2012-06-20 17:21:50 +0000
@@ -636,6 +636,7 @@
FILE *fp;
char *ptr;
const char *cptr;
+ char tmp[PATH_LEN];
struct stat sb;
struct passwd *myentry;

@@ -882,7 +883,8 @@
joinpath(postponed_articles_file, sizeof(postponed_articles_file), rcdir, POSTPONED_FILE);
joinpath(save_active_file, sizeof(save_active_file), rcdir, ACTIVE_SAVE_FILE);

- snprintf(lock_file, sizeof(lock_file), INDEX_LOCK, TMPDIR, userid);
+ snprintf(tmp, sizeof(tmp), INDEX_LOCK, userid);
+ joinpath(lock_file, sizeof(lock_file), TMPDIR, tmp);

#ifdef NNTP_ABLE
nntp_tcp_port = (unsigned short) atoi(get_val("NNTPPORT", NNTP_TCP_PORT));

=== modified file 'src/mail.c'
--- src/mail.c 2011-12-24 15:47:48 +0000
+++ src/mail.c 2012-06-20 17:23:02 +0000
@@ -648,7 +648,8 @@
make_base_group_path(group->spooldir, group->name, temp_filename, sizeof(temp_filename));
snprintf(buf, sizeof(buf), "%"T_ARTNUM_PFMT, article->artnum);
joinpath(article_filename, sizeof(article_filename), temp_filename, buf);
- snprintf(temp_filename, sizeof(temp_filename), "%s%ld.art", TMPDIR, (long) process_id);
+ snprintf(buf, sizeof(buf), "%ld.art", (long) process_id);
+ joinpath(temp_filename, sizeof(temp_filename), TMPDIR, buf);

if (!backup_file(article_filename, temp_filename))
return FALSE;
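Review bot: The added `snprintf(buf, sizeof(buf), "%ld.art", ...)` overwrites `buf`, which two lines earlier held the formatted article number. The function continues outside this hunk, so any later read of `buf` that expects the article number would now see the temp-file basename instead. init.c and pgp.c introduce a dedicated `char tmp[PATH_LEN];` for this purpose; doing the same here keeps the three files consistent: `snprintf(tmp, sizeof(tmp), "%ld.art", (long) process_id);` followed by `joinpath(temp_filename, sizeof(temp_filename), TMPDIR, tmp);`. The declaration would go at the top of the function, which is outside the hunk.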

=== modified file 'src/pgp.c'
--- src/pgp.c 2011-12-24 15:47:48 +0000
+++ src/pgp.c 2012-06-20 17:22:45 +0000
@@ -109,15 +109,15 @@
# define PGP_SIG_TAG "-----BEGIN PGP SIGNED MESSAGE-----\n"
# define PGP_KEY_TAG "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"

-# define HEADERS "%stin-%ld.h"
+# define HEADERS "tin-%ld.h"
# ifdef HAVE_LONG_FILE_NAMES
-# define PLAINTEXT "%stin-%ld.pt"
-# define CIPHERTEXT "%stin-%ld.pt.asc"
-# define KEYFILE "%stin-%ld.k.asc"
+# define PLAINTEXT "tin-%ld.pt"
+# define CIPHERTEXT "tin-%ld.pt.asc"
+# define KEYFILE "tin-%ld.k.asc"
# else
-# define PLAINTEXT "%stn-%ld.p"
-# define CIPHERTEXT "%stn-%ld.p.asc"
-# define KEYFILE "%stn-%ld.k.asc"
+# define PLAINTEXT "tn-%ld.p"
+# define CIPHERTEXT "tn-%ld.p.asc"
+# define KEYFILE "tn-%ld.k.asc"
# endif /* HAVE_LONG_FILE_NAMES */


@@ -195,11 +195,15 @@
{
FILE *art, *header, *plaintext;
char buf[LEN];
+ char tmp[PATH_LEN];
mode_t mask;

- snprintf(hdr, sizeof(hdr), HEADERS, TMPDIR, (long) process_id);
- snprintf(pt, sizeof(pt), PLAINTEXT, TMPDIR, (long) process_id);
- snprintf(ct, sizeof(ct), CIPHERTEXT, TMPDIR, (long) process_id);
+ snprintf(tmp, sizeof(tmp), HEADERS, (long) process_id);
+ joinpath(hdr, sizeof(hdr), TMPDIR, tmp);
+ snprintf(tmp, sizeof(tmp), PLAINTEXT, (long) process_id);
+ joinpath(pt, sizeof(pt), TMPDIR, tmp);
+ snprintf(tmp, sizeof(tmp), CIPHERTEXT, (long) process_id);
+ joinpath(ct, sizeof(ct), TMPDIR, tmp);

if ((art = fopen(file, "r")) == NULL)
return;
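Review bot: The paths built for `hdr`, `pt` and `ct` are still derived only from the process id, so they stay predictable. That is harmless in the per-user directory pam_mktemp provides, but when TMPDIR is a shared /tmp the safety of the plaintext file depends on how it is opened. The opens are outside this hunk, so it is worth confirming they create the files exclusively (`open()` with `O_CREAT | O_EXCL` and mode 0600, or `mkstemp()`), not with a plain `fopen(..., "w")`, which would follow a pre-existing link. The same question applies to `keyfile` in the next hunk and `temp_filename` in src/mail.c. Separately, the `snprintf`/`joinpath` pairs do not check for truncation; a comment such as `/* two steps so joinpath() can supply the separator when TMPDIR has no trailing '/' */` would record why the single snprintf was split.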
@@ -284,14 +288,16 @@
char *file)
{
FILE *fp, *key;
- char keyfile[PATH_LEN], cmd[LEN], buf[LEN];
+ char cmd[LEN], buf[LEN];
+ char keyfile[PATH_LEN], tmp[PATH_LEN];

if ((CURR_GROUP.attribute->from) != NULL && strlen(CURR_GROUP.attribute->from))
strip_name(CURR_GROUP.attribute->from, buf);
else
snprintf(buf, sizeof(buf), "%s@%s", userid, BlankIfNull(get_host_name()));

- snprintf(keyfile, sizeof(keyfile), KEYFILE, TMPDIR, (long) process_id);
+ snprintf(tmp, sizeof(tmp), KEYFILE, (long) process_id);
+ joinpath(keyfile, sizeof(keyfile), TMPDIR, tmp);

/*
* TODO: I'm guessing the pgp append key command creates 'keyfile' and that