Collecting all deficiencies.

On Thursday, 19 January 2012 at 09:01, Simon Josefsson wrote:
> [email protected] (Ludovic Courtès) writes:
>
> > Hello,
> >
> > tests/syslogd.sh requires a writable /tmp.
>
> Looking further at that test, it seems buggy from another point of view
> as well: the filenames are prone to a race condition when two or more
> InetUtils instances are built at the same time.  The filenames used are:
>
>   # This good name base consumes twenty-three characters.
>   IU_GOOD_BASE=/tmp/$(date +%y-%m-%d)_socket_iu
>   # Add a single character to violate the size condition.
>   IU_BAD_BASE=/tmp/X$(date +%y-%m-%d)_socket_iu
>
> Further, having predictable filenames has often been used by non-root
> users to mount a privilege-escalation attack (just wait until the root
> user runs the script), but I haven't reviewed the script if it has this
> problem as well.
>
> Normal practice is to use 'mktemp'.
>
> > The workaround I've used in Guile is to cd $TMPDIR, create ./my-socket,
> > and use that.
>
> I would prefer a mktemp+cd approach.  It is the most secure, follows
> best practices, and is the most portable.

1. Replace $(( )) by `expr `.

2. logger(1) needs a rooted path "/this/starts/at/the/bottom".
   This rules out the "cd"-technique as a viable workaround.

3. The first illegal length is 109 or 105, depending on system.

4. A very long $TMPDIR must still be short enough to insert some
   random text in a template. Otherwise the subtest must be skipped.

Happy hacking,
  Mats E A
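
The four points above combined into one helper, as an added example that is not part of the original message or of InetUtils: a mktemp-created private directory, a rooted path for logger(1), `expr` arithmetic, and a skip when $TMPDIR leaves no room. The `iu_*` function names and the `IU_MAX_LEN` variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; the iu_* names and IU_MAX_LEN are hypothetical and
# not taken from tests/syslogd.sh.

# Longest socket path assumed legal. The message gives the first illegal
# length as 109 or 105 depending on system, so 104 is the safe default.
IU_MAX_LEN=${IU_MAX_LEN:-104}

# iu_make_sockdir NAME_LEN
# Create a private directory with an unpredictable name under $TMPDIR and
# print its absolute path. Returns 77 (Automake's "skip" status) when
# $TMPDIR is so long that DIR/<NAME_LEN chars> would exceed IU_MAX_LEN.
iu_make_sockdir () {
    base=${TMPDIR:-/tmp}
    case $base in
        /*) ;;                                     # already rooted
        *)  base=$(cd "$base" && pwd) || return 1 ;;
    esac
    template=$base/iu.XXXXXX
    # expr instead of $(( )). The leading X stands in for the "/" that
    # will separate the directory from the socket name.
    tmpl_len=$(expr "X$template" : '.*')
    need=$(expr "$tmpl_len" + "$1")
    [ "$need" -le "$IU_MAX_LEN" ] || return 77
    mktemp -d "$template"                          # created with mode 0700
}

# iu_path_of_len DIR LEN
# Print DIR/<padding> with a total length of exactly LEN characters, for
# probing the longest legal and first illegal socket names.
iu_path_of_len () {
    dir_len=$(expr "X$1" : '.*')                   # length of "DIR/"
    pad=$(expr "$2" - "$dir_len" || :)             # expr exits 1 on result 0
    [ "$pad" -ge 1 ] || return 77
    printf '%s/%s\n' "$1" "$(printf "%${pad}s" '' | tr ' ' s)"
}
```

The caller is expected to remove the directory when the test ends, for example from a `trap ... 0` handler.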
