[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
tmp file creation in bash provided scripts
From: |
Jeremy C. Reed |
Subject: |
tmp file creation in bash provided scripts |
Date: |
Mon, 9 Jan 2006 09:50:06 -0800 (PST) |
I noticed bashbug attempts creating temp file first with mktemp, and then
falls back to tempfile, and then to just using its own $TMPDIR/bbug.$$.
A malicious user could attempt prepulating bogus files to make it so that
mktemp and tempfile fail, and create many symlinks covering your PID range
for the $TMPDIR/bbug.$$ to point to your important files.
I see bashbug.sh does remove the temp file name is chose and then
overwrites it. It has a comment:
# this is raceable unless (hopefully) we used mktemp(1) or tempfile(1)
Maybe as a third choice use the temp file creation from your configure
script as an idea. Use umask 077 and create directory then user
can't place symlinks in it.
Jeremy C. Reed
technical support & remote administration
http://www.pugetsoundtechnology.com/
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- tmp file creation in bash provided scripts,
Jeremy C. Reed <=