On Sat, Apr 16, 2005 at 05:44:09PM -0700, Paul Jackson wrote:
> Dave wrote:
> > mktemp is being used here to provide randomness in the filename,
> > not just a uniqueness.
>
> Ok - useful point.
>
> How about:
>
>     t=${TMPDIR:-/usr/tmp}/gitdiff.$$.$RANDOM

pid is still predictable by watching ps output, $RANDOM is one of 32768 numbers, so it's still feasible to predict the result. $RANDOM$RANDOM is better, and gets a little closer to mktemp strength randomness.

> > all an attacker has to do is create 65535 symlinks in /usr/tmp
> And how about if I removed the tmp files at the top:
>
>     t=${TMPDIR:-/usr/tmp}/gitdiff.$$.$RANDOM
>     trap 'rm -fr $t.?; trap 0; exit 0' 0 1 2 3 15
>     rm -fr $t.?
>
>     ... rest of script ...

Racy, though the chance of creating x thousand symlinks in such a small window probably makes it a non-issue.

Actually.. http://www.linuxsecurity.com/content/view/115462/151/ has some interesting bits on temp dir creation without mktemp. See section 3.4 onwards.

Dave
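An added sketch, not code from this thread or from git, of creating a private temp directory atomically so that a guessed name or a pre-planted symlink makes creation fail instead of being followed. The function names are hypothetical, and the fallback uses a plain counter rather than $RANDOM so it runs in POSIX sh.

```shell
#!/bin/sh
# Added example: scratch space that does not rely on an unguessable name.

# mkdir(2) is atomic and fails with EEXIST when the name is already taken,
# including by a symlink (dangling or not), so a planted link is never
# followed. The subshell keeps the umask change local; result is mode 0700.
mkdir_private() {
    ( umask 077 && mkdir "$1" ) 2>/dev/null
}

# Fallback for systems without mktemp: walk candidate names until one
# is created by us. Predictable names are acceptable here because
# creation is exclusive; an attacker who occupies every candidate only
# causes a failure (non-zero return), not a write through a link.
fallback_tmpdir() {
    base=${TMPDIR:-/tmp}/$1.$$
    i=0
    while [ "$i" -lt 100 ]; do
        d=$base.$i
        if mkdir_private "$d"; then
            printf '%s\n' "$d"
            return 0
        fi
        i=$((i + 1))
    done
    return 1
}

# Prefer mktemp -d where it exists; otherwise use the mkdir fallback.
make_private_tmpdir() {
    if command -v mktemp >/dev/null 2>&1; then
        mktemp -d "${TMPDIR:-/tmp}/$1.XXXXXXXXXX" && return 0
    fi
    fallback_tmpdir "$1"
}

# Usage in a script (files are then created inside the private directory):
#   t=$(make_private_tmpdir gitdiff) || exit 1
#   trap 'rm -rf "$t"' 0
#   trap 'exit 1' 1 2 3 15
```

Files created inside the returned directory can use fixed names, since other users cannot write into a mode 0700 directory.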