Gentoo Logo

Esearch: Insecure temp file handling


1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200407-01 / esearch
Release Date July 01, 2004
Latest Revision May 22, 2006: 02
Impact normal
Exploitable local
Package Vulnerable versions Unaffected versions Architecture(s)
app-portage/esearch <= 0.6.1 >= 0.6.2 All supported architectures

Related bugreports: #55424


The eupdatedb utility in esearch creates a file in /tmp without first checking for symlinks. This makes it possible for any user to create arbitrary files.

2.  Impact Information


Esearch is a replacement for the Portage command "emerge search". It uses an index to speed up searching of the Portage tree.


The eupdatedb utility uses a temporary file (/tmp/ to indicate that the eupdatedb process is running. When run, eupdatedb checks to see if this file exists, but it does not check to see if it is a broken symlink. In the event that the file is a broken symlink, the script will create the file pointed to by the symlink, instead of printing an error and exiting.


An attacker could create a symlink from /tmp/ to a nonexistent file (such as /etc/nologin), and the file will be created the next time esearchdb is run.

3.  Resolution Information


There is no known workaround at this time. All users should upgrade to the latest available version of esearch.


All users should upgrade to the latest available version of esearch, as follows:

Code Listing 3.1: Resolution

# emerge sync

# emerge -pv ">=app-portage/esearch-0.6.2"
# emerge ">=app-portage/esearch-0.6.2"

4.  References


Page updated July 01, 2004

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2015 Gentoo Foundation, Inc. Questions, Comments? Contact us.