From 32e648f9b37bd7a46de07e53b5fbfb2ecb9d7e17 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Fri, 8 Jan 2010 08:27:39 +0000
Subject: [PATCH] statistics:logcleaner: Fix insecure open of output file.

The logcleaner script by default creates the output file in /tmp.
Another user with access to the machine can create a symbolic link with
the same name as the output file. This will make the user running the
logcleaner script overwrite another file on the system.

This patch fixes this by making sure that we don't open existing files.

Thanks to Thijs Kinkhorst <thijs@uvt.nl> for reporting this bug.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2083 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/statistics/lib/LogCleaner.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/modules/statistics/lib/LogCleaner.php b/modules/statistics/lib/LogCleaner.php
index 5d086ba75..90b4c1e84 100644
--- a/modules/statistics/lib/LogCleaner.php
+++ b/modules/statistics/lib/LogCleaner.php
@@ -125,7 +125,13 @@ class sspmod_statistics_LogCleaner {
 		$file = fopen($this->inputfile, 'r');
 		#$logfile = file($this->inputfile, FILE_IGNORE_NEW_LINES );
 		
-		$outfile = fopen($outputfile, 'w');
+		/* Open the output file in a way that guarantees that we will not overwrite a random file. */
+		if (file_exists($outputfile)) {
+			/* Delete existing output file. */
+			unlink($outputfile);
+		}
+		$outfile = fopen($outputfile, 'x'); /* Create the output file. */
+
 		
 		$logparser = new sspmod_statistics_LogParser(
 			$this->statconfig->getValue('datestart', 0), $this->statconfig->getValue('datelength', 15), $this->statconfig->getValue('offsetspan', 44)
-- 
GitLab