tmp file creation in bash provided scripts

bug-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

tmp file creation in bash provided scripts

From:	Jeremy C. Reed
Subject:	tmp file creation in bash provided scripts
Date:	Mon, 9 Jan 2006 09:50:06 -0800 (PST)

I noticed bashbug attempts creating temp file first with mktemp, and then 
falls back to tempfile, and then to just using its own $TMPDIR/bbug.$$.

A malicious user could attempt prepulating bogus files to make it so that 
mktemp and tempfile fail, and create many symlinks covering your PID range 
for the $TMPDIR/bbug.$$ to point to your important files.

I see bashbug.sh does remove the temp file name is chose and then 
overwrites it. It has a comment: 

# this is raceable unless (hopefully) we used mktemp(1) or tempfile(1)

Maybe as a third choice use the temp file creation from your configure 
script as an idea. Use umask 077 and create directory then user 
can't place symlinks in it.


 Jeremy C. Reed

                         technical support & remote administration
                         http://www.pugetsoundtechnology.com/

[Prev in Thread]

Current Thread

[Next in Thread]

tmp file creation in bash provided scripts, Jeremy C. Reed <=

Prev by Date: bash -c error
Next by Date: Single quotes are lost from v="$(cmd $'A\tB')"
Previous by thread: bash -c error
Next by thread: Single quotes are lost from v="$(cmd $'A\tB')"
Index(es):
- Date
- Thread