Jochen Wiedmann created DAEMON-331:
--------------------------------------
Summary: Creating and using temporary files
Key: DAEMON-331
URL: https://issues.apache.org/jira/browse/DAEMON-331
Project: Commons Daemon
Issue Type: Improvement
Components: Jsvc
Affects Versions: 1.0.15
Environment: Linux/Unix
Reporter: Jochen Wiedmann
Fix For: 1.0.16
It came to our attention that "jsvc" creates temporary files, named like
"/tmp/${PID}.jsvc_up", as a means of communication between a forked client
process and the parent process.
These file names are clearly predictable, and one might get the impression
that this could be abused as part of an attack. However, evaluation has
demonstrated that the content of these files is never read. Therefore, even if
an attacker created these files in advance with malicious content, it wouldn't
really affect the execution of "jsvc", apart from a prematurely ending parent
process, perhaps with the wrong exit code.
Nevertheless, this behaviour should change:
1.) In either case, the file name must be built in advance in the parent
process, and before forking the child. In other words: Parent and child must
share the same name.
2.) If possible, for example on Linux, we suggest using mktemp(3) to create
the file name with a pattern like "${TMP}/jsvc_up.XXXXXX".
3.) On other operating systems, we suggest something like
"${TMP}//jsvc_up.${RANDOM}".
Also note that the directory "/tmp" is not necessarily a good location for such
temporary files, because it is writable for everyone. A user of Commons Daemon
might wish to create a special directory for such files with restricted write
permissions. In such a case, the Commons Daemon user should be able to configure
the location of "${TMP}".
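
An added example (not jsvc's own code) of points 1.) to 3.) above: the parent creates the marker before fork(), so parent and child share one unpredictable name in a configurable directory. It uses mkstemp(3) rather than mktemp(3), because mkstemp creates the file atomically (O_EXCL, mode 0600); the helper names and the "up" payload are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: build "<dir>/jsvc_up.XXXXXX" and create it exclusively.
 * dir is the configured location; NULL falls back to $TMPDIR, then /tmp.
 * Returns an open fd (path filled in) or -1. */
static int make_marker(const char *dir, char *path, size_t len)
{
    if (dir == NULL) dir = getenv("TMPDIR");
    if (dir == NULL || *dir == '\0') dir = "/tmp";
    int n = snprintf(path, len, "%s/jsvc_up.XXXXXX", dir);
    if (n < 0 || (size_t)n >= len) return -1;   /* name would be truncated */
    return mkstemp(path);   /* fails instead of reusing a pre-created file */
}

/* Hypothetical driver: returns 0 when the child reported "up", -1 otherwise. */
int run_with_marker(const char *dir)
{
    char path[4096], buf[2];
    int status, ok = -1;
    int fd = make_marker(dir, path, sizeof path);   /* parent, before fork() */
    if (fd < 0) return -1;

    pid_t pid = fork();
    if (pid < 0) { close(fd); unlink(path); return -1; }
    if (pid == 0)   /* child: report readiness on the inherited descriptor */
        _exit(write(fd, "up", 2) == 2 ? 0 : 1);

    /* Parent: read through the fd it created, never by re-opening the name,
     * so a file swapped in under the same path cannot spoof the signal. */
    if (waitpid(pid, &status, 0) == pid && WIFEXITED(status) &&
        WEXITSTATUS(status) == 0 &&
        pread(fd, buf, 2, 0) == 2 && memcmp(buf, "up", 2) == 0)
        ok = 0;
    close(fd);
    unlink(path);   /* remove the marker once the handshake is done */
    return ok;
}

int main(void)
{
    return run_with_marker(NULL) == 0 ? 0 : 1;
}
```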