On Mon, Jan 23, 2012 at 11:02 AM, <[email protected]> wrote:
> On Sun, 22 Jan 2012 02:38:57 GMT, "Larry W. Cashdollar" said:
>
>> This is still a race condition since the pid can be guessed easily as well.
>> It's better to use mktemp /tmp/debug.XXXXXXXXXX.
>
> No, that's *still* beatable, because if you know what the PID will be you can
> guess what the XXXX will be filled in with (it's basically just salted with the
> contents of the target directory, so anybody who can do a readdir() and can
> guess the pid can predict the value). What you *want* to do is read the mktemp
> documentation and find this example on how to put the file into a securely
> created subdirectory rather than directly in /tmp:
>
>    * Create a secure fifo relative to the user's choice of `TMPDIR',
>      but falling back to the current directory rather than `/tmp'.
>      Note that `mktemp' does not create fifos, but can create a secure
>      directory in which the fifo can live. Exit the shell if the
>      directory or fifo could not be created.
>           $ dir=$(mktemp -p "${TMPDIR:-.}" -d dir-XXXX) || exit 1
>           $ fifo=$dir/fifo
>           $ mkfifo "$fifo" || { rmdir "$dir"; exit 1; }

mkstemp or mkdtemp within $HOME? Taken directly from "Secure
Programming for Linux and Unix HOWTO"
(http://www.dwheeler.com/secure-programs/).

Jeff

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
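The approach discussed in this thread (a private directory from `mktemp -d`, kept out of `/tmp`, with the file created inside it), as an added example that is not part of the original messages. The function names, the `debug-` prefix and the `debug.log` file name are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names, the "debug-"
# prefix and the "debug.log" file name are assumptions.

# Create a file only if nothing exists at that path. With noclobber (set -C)
# the shell refuses to overwrite an existing regular file and opens new
# paths with O_EXCL, so a pre-planted file or dangling symlink makes it fail.
# The subshell keeps noclobber from leaking into the caller.
create_exclusive() {
    ( set -C; : > "$1" ) 2>/dev/null
}

# Create a private directory under $TMPDIR (falling back to $HOME, not /tmp)
# and an empty debug file inside it. Prints the file's path on success.
# The body is a subshell so the umask change does not affect the caller.
make_private_debug_file() (
    base=${TMPDIR:-$HOME}
    umask 077
    # mktemp -d relies on mkdir(2), which is atomic and fails if the name
    # already exists, so the directory is ours alone with mode 0700.
    dir=$(mktemp -d "$base/debug-XXXXXXXXXX") || exit 1
    file=$dir/debug.log
    create_exclusive "$file" || { rmdir "$dir"; exit 1; }
    printf '%s\n' "$file"
)

# Remove the debug file and the private directory that holds it.
cleanup_private_debug_file() {
    rm -f -- "$1" && rmdir -- "$(dirname -- "$1")"
}
```

Because only the owner can write to the 0700 directory, the name of the file inside it no longer needs to be unpredictable.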
