bvt's backtrace

07.04.2019, 570634: phf has modified the manifest format and reground the tree with Keccak hashes. Thus, I re-signed the vpatch introduced in this post as well:

curl 'http://bvt-trace.net/vpatches/UPDATED-vtools_tempfile_standalone_notmp.vpatch' > vtools_tempfile_standalone_notmp.vpatch
curl 'http://bvt-trace.net/vpatches/UPDATED-vtools_tempfile_standalone_notmp.vpatch.bvt.sig' > vtools_tempfile_standalone_notmp.vpatch.bvt.sig

My previous attempt at at replacing mktemp(3) in vpatch gathered some criticism by phf and mircea_popescu. Both reviewers pointed out that the location where the temporary file is created, the /tmp directory¹, is a wrong location to use. phf's argument were:

But in the end, he accepted the vpatch as is, rejecting my offer to rewrite it.

The point that mircea_popescu made was more subtle. Let's cite the logs:

mircea_popescu: http://btcbase.org/log/2018-10-24#1865690 << can not put files above . !
a111: Logged on 2018-10-24 19:57 phf: http://btcbase.org/log/2018-10-23#1865503 << i threw your patch on btcbase, it looks good, though i'm not sure i agree with the decision to put temp file in /tmp. the point of putting it in same hierarchy as press, was to avoid the whole cross-file-system issue
mircea_popescu: IF your program puts something in /tmp, your . is /, and live with that (i for instance will never sign such a monstrosity, unless it's the os/kernel itself)
mircea_popescu: put stuff in ./tmp like sane ppl instead wtf.
mircea_popescu: http://btcbase.org/log/2018-10-24#1865707 << ./tmp is the "cannonical" place for putting "temporary" files ; but only in the sense that ./ is the place one'd expect files to end up. it's only cannonical in the sense of cockblocking idiotic unixisms and other moronnicals.
a111: Logged on 2018-10-24 20:28 phf: i think it's an open question for the logs, whether or not /tmp is canonical place for putting temporary files, and whether or not writing a copy of what's being pressed in some arbitrary place (for all practical purposes) is a good idea

When analyzed from this point of view, it becomes immediately clear that this is rather irresponsible behavior², that enables a well-known set of vulnerabilities. Even though I doubt that in vpatch case this could have led to an exploit, eradicating classes of bugs by design is always better than eradicating single bugs. Thus, I offer the updated vpatch. It reverts the following aspect of my previous vpatch; other than that, it is completely identical to the previous one.

As before, this vpatch applies on top of vtools_ksum.vpatch, with intention to leave the previous version as an orphan vtree node. The keccak vpatches:

curl 'http://bvt-trace.net/vpatches/keccak-vtools_tempfile_standalone_notmp.vpatch' > keccak-vtools_tempfile_standalone_notmp.vpatch
curl 'http://bvt-trace.net/vpatches/keccak-vtools_tempfile_standalone_notmp.vpatch.bvt.sig' > keccak-vtools_tempfile_standalone_notmp.vpatch.bvt.sig

and SHA512:

curl 'http://bvt-trace.net/vpatches/vtools_tempfile_standalone_notmp.vpatch' > vtools_tempfile_standalone_notmp.vpatch
curl 'http://bvt-trace.net/vpatches/vtools_tempfile_standalone_notmp.vpatch.bvt.sig' > vtools_tempfile_standalone_notmp.vpatch.bvt.sig

1. According to POSIX, /tmp directory is supposed to be used for 'temporary files which may be deleted with no notice, such as by a regular job or at system boot up'. [↩]
2. Contrary to common practice. [↩]