On Tue, Oct 17, 2023, at 2:58 PM, Paul Eggert wrote:
> On 10/17/23 11:16, Zack Weinberg wrote:
...
>> you have to be exquisitely careful, or a malicious concurrent process
>> might be able to trick you into overwriting some file elsewhere on
>> the filesystem.
...
> ? If /tmp is sticky, a malicious process can't rename /tmp/foo.
I might be wrong about that specific thing. It's been long enough that I no longer remember the exact details, but there was a CVE reported against GCC ... I want to say circa version 2.95 ... because it would create temporary files with predictable names in /tmp, and it was *somehow* possible for a malicious process to substitute symlinks pointing into /etc, and if you were running the compiler as root, which you shouldn't, but it happens all the time, boom, trashed /etc/shadow or something equally important. It is possible that this exploit depended on a kernel bug where the sticky bit didn't do everything it needed to do, but since people still want to run autoconf proper (not just configure scripts) on ancient systems, I think we need to be careful anyway.

zw
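The predictable-temp-name problem Zack describes, shown as an added example that is not part of this thread and is neither GCC nor Autoconf code: a symlink planted at a guessable name is followed by a plain O_CREAT open, but refused by O_CREAT|O_EXCL, which is what mkstemp() relies on. The victim file, the guessable name `cc1234.s` and the scratch directory under /tmp are all constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* O_EXCL makes open() fail with EEXIST when anything, including a planted
   symlink, already occupies the name, instead of following the link. */
int excl_create_refused(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) { close(fd); return 0; }
    return errno == EEXIST;
}

/* Without O_EXCL the same open() resolves the symlink; returns 1 if the fd
   lands on the victim's inode (no O_TRUNC here, so the victim is untouched). */
int plain_create_follows_link(const char *path, const char *victim) {
    struct stat a, b;
    int fd = open(path, O_WRONLY | O_CREAT, 0600);
    if (fd < 0) return -1;
    int same = fstat(fd, &a) == 0 && stat(victim, &b) == 0 &&
               a.st_ino == b.st_ino && a.st_dev == b.st_dev;
    close(fd);
    return same;
}

/* Safe pattern: mkstemp() picks an unpredictable name and opens it with
   O_CREAT|O_EXCL and mode 0600. Returns the fd, or -1 on failure. */
int create_private_tmp(const char *dir, char *path, size_t len) {
    if (snprintf(path, len, "%s/cc-XXXXXX", dir) >= (int)len) return -1;
    return mkstemp(path);
}

/* Constructed scenario in a private scratch dir: a victim file plus a symlink at
   a guessable temp name pointing to it. Returns 0 if all checks pass, else the step. */
int run_scenario(void) {
    char dir[] = "/tmp/scenXXXXXX", victim[64], link[64], tmp[64];
    if (mkdtemp(dir) == NULL) return 1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(link, sizeof link, "%s/cc1234.s", dir);
    if (close(open(victim, O_WRONLY | O_CREAT, 0600)) != 0) return 2;
    if (symlink(victim, link) != 0) return 3;
    if (!excl_create_refused(link)) return 4;        /* O_EXCL refuses the link */
    if (plain_create_follows_link(link, victim) != 1) return 5;
    if (close(create_private_tmp(dir, tmp, sizeof tmp)) != 0) return 6;
    unlink(tmp); unlink(link); unlink(victim); rmdir(dir);  /* clean up */
    return 0;
}
```

Note that O_EXCL only guards creation; the sticky bit on /tmp is what stops another user from renaming or unlinking the entry afterwards, which is the separate point Paul raises.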