On Sat, Apr 16, 2005 at 05:44:09PM -0700, Paul Jackson wrote:
 > Dave wrote:
 > > mktemp is being used here to provide randomness in the filename,
 > > not just a uniqueness.
 > Ok - useful point.
 > How about:
 >      t=${TMPDIR:-/usr/tmp}/gitdiff.$$.$RANDOM

pid is still predictable by watching ps output, $RANDOM is one of 32768
numbers, so it's still feasable to predict the result.
$RANDOM$RANDOM is better, and gets a little closer to mktemp strength 

 > > all an attacker has to do is create 65535 symlinks in /usr/tmp
 > And how about if I removed the tmp files at the top:
 >      t=${TMPDIR:-/usr/tmp}/gitdiff.$$.$RANDOM
 >      trap 'rm -fr $t.?; trap 0; exit 0' 0 1 2 3 15
 >      rm -fr $t.?
 >      ... rest of script ...

Racy, though the chance of creating x thousand symlinks in such a small
window probably makes it a non-issue.

Actually.. http://www.linuxsecurity.com/content/view/115462/151/
has some interesting bits on temp dir creation without mktemp.
See section 3.4 onwards.


To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to