I noticed bashbug attempts creating temp file first with mktemp, and then
falls back to tempfile, and then to just using its own $TMPDIR/bbug.$$.
A malicious user could attempt prepulating bogus files to make it so that
mktemp and tempfile fail, and create many symlinks covering your PID range
for the $TMPDIR/bbug.$$ to point to your important files.
I see bashbug.sh does remove the temp file name is chose and then
overwrites it. It has a comment:
# this is raceable unless (hopefully) we used mktemp(1) or tempfile(1)
Maybe as a third choice use the temp file creation from your configure
script as an idea. Use umask 077 and create directory then user
can't place symlinks in it.
Jeremy C. Reed
technical support & remote administration
http://www.pugetsoundtechnology.com/
_______________________________________________
Bug-bash mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/bug-bash
