commit e8f8196230ae15f6f7d7104ded3e2633002506e4 Author: faxguy Date: Sat Jun 13 23:46:33 2020 +0000 Johannes Segitz reported two issues: 1) faxaddmodem, faxsetup, and probemodem create temporary directories in a way that is not secure due to a race condition. 2) The HylaFAX spool directory bin and etc subdirectories are not secure against uucp deleting and recreating scripts that root runs. These changes address these two issues. git-svn-id: https://svn.code.sf.net/p/hylafax/HylaFAX+@2534 5505949e-d877-4686-9e03-c53b7a51b376 diff --git a/CONTRIBUTORS b/CONTRIBUTORS index 057739f..a9d4f21 100644 --- a/CONTRIBUTORS +++ b/CONTRIBUTORS @@ -203,6 +203,7 @@ following for their contributions: Travis Schafer LogSend and LogRecv modem config options, documentation fixes Sven Schmidt Steven Schoch faxrcvd faxinfo text parsing + Johannes Segitz code security audit John Sellens Chris Severance documentation fixes, scripting improvements Simon diff --git a/Makefile.in b/Makefile.in index 1ee4d76..ec0cda7 100644 --- a/Makefile.in +++ b/Makefile.in @@ -208,7 +208,10 @@ makeServerDirs:: -idb hylafax.sw.server -root ${INSTALLROOT} -dir ${SPOOL} -${INSTALL} -u ${FAXUSER} -g ${FAXGROUP} -m ${DIRMODE} \ -idb hylafax.sw.server -dir \ - -root ${INSTALLROOT} -F ${SPOOL} bin client config dev etc info log recvq status + -root ${INSTALLROOT} -F ${SPOOL} client config dev info log recvq status + -${INSTALL} -u root -g root -m ${DIRMODE} \ + -idb hylafax.sw.server -dir \ + -root ${INSTALLROOT} -F ${SPOOL} bin etc -${INSTALL} -u ${FAXUSER} -g ${FAXGROUP} -m 700 \ -idb hylafax.sw.server -dir \ -root ${INSTALLROOT} -F ${SPOOL} sendq doneq docq tmp pollq archive diff --git a/etc/faxaddmodem.sh.in b/etc/faxaddmodem.sh.in index dc39917..c4d3ff1 100644 --- a/etc/faxaddmodem.sh.in +++ b/etc/faxaddmodem.sh.in 
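Review bot: The new `-u root -g root` install in the Makefile.in hunk covers only the `bin` and `etc` directories themselves; the ownership of their parent `${SPOOL}` is set by a command that begins outside this hunk. If the parent stays owned and writable by `${FAXUSER}`, the `bin` and `etc` entries can still be replaced from the parent, so confirm that the parent and the installed scripts are covered as well. `${DIRMODE}` is not defined in the visible lines, and the rule relies on it carrying no group or other write bit. The leading `-` on the command makes make ignore a failed install, so a failed change of ownership would go unnoticed, and existing installations presumably keep their old ownership unless an upgrade step re-applies it. I would add a comment above the new command: `# bin and etc hold scripts that root runs; keep them root-owned and not writable by ${FAXUSER}`.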
@@ -113,12 +113,14 @@ if [ "$euid" != "root" ]; then fi # security +o="`umask`" +umask 077 TMPDIR=`(mktemp -d /tmp/.faxaddmodem.XXXXXX) 2>/dev/null` +umask "$o" if test X$TMPDIR = X; then - TMPDIR=/tmp/.faxaddmodem$$ + echo "Failed to create temporary directory. Cannot continue." + exit 1 fi -@RM@ -rf $TMPDIR -(umask 077 ; mkdir $TMPDIR) || exit 1 SH=$SCRIPT_SH # shell for use below CPATH=$SPOOL/etc/config # prefix of configuration file diff --git a/etc/faxsetup.sh.in b/etc/faxsetup.sh.in index 556eef5..b4aae40 100644 --- a/etc/faxsetup.sh.in +++ b/etc/faxsetup.sh.in @@ -922,12 +922,14 @@ if onServer; then # # Setup TMPDIR before anything can trap and rm it + o="`umask`" + umask 077 TMPDIR=`(mktemp -d /tmp/.faxsetup.XXXXXX) 2>/dev/null` + umask "$o" if test x$TMPDIR = x; then - TMPDIR=/tmp/.faxsetup$$ + echo "Failed to create temporary directory. Cannot continue." + exit 1 fi - $RM -rf $TMPDIR - (umask 077 ; mkdir $TMPDIR) || exit 1 JUNK="etc/setup.tmp" trap "$RM \$JUNK; $RM -r \$TMPDIR; exit 1" 1 2 15 diff --git a/etc/probemodem.sh.in b/etc/probemodem.sh.in index 55b5d9b..c0abf15 100644 --- a/etc/probemodem.sh.in +++ b/etc/probemodem.sh.in @@ -85,12 +85,14 @@ test -f $SPOOL/etc/setup.cache || { . $SPOOL/etc/setup.cache # common configuration stuff . $SPOOL/etc/setup.modem # modem-specific stuff +o="`umask`" +umask 077 TMPDIR=`(mktemp -d /tmp/.probemodem.XXXXXX) 2>/dev/null` +umask "$o" if test X$TMPDIR = X; then - TMPDIR=/tmp/.probemodem$$ + echo "Failed to create temporary directory. Cannot continue." + exit 1 fi -@RM@ -fr $TMPDIR -(umask 077 ; mkdir $TMPDIR) || exit 1 SH=$SCRIPT_SH # shell for use below OUT=$TMPDIR/probemodem$$ # temp file in which modem output is recorded
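Review bot: The failure branch added after `mktemp -d` in the faxaddmodem.sh.in hunk prints its message to stdout, and the `2>/dev/null` on the mktemp call discards the underlying reason, so an operator sees only a generic line with no cause. The faxsetup.sh.in and probemodem.sh.in hunks have the same pattern. I would send the diagnostic to stderr, `echo "Failed to create temporary directory. Cannot continue." >&2`. With the `$$` fallback removed these scripts now require a working `mktemp`, which deserves a comment such as `# no fallback: a predictable name under /tmp is unsafe, so mktemp is required`. The saved umask lives in a single-letter global `o`, which could collide with other variables in scripts this long (their bodies continue outside the hunks); a name like `old_umask` would be safer.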