[ 
https://issues.apache.org/jira/browse/DAEMON-331?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14356519#comment-14356519
 ] 

Jochen Wiedmann commented on DAEMON-331:
----------------------------------------

Not that it actually matters (again, the file is not actually read), but out of 
general security considerations: Please use

  O_RDWR | O_CREAT | O_EXCL, S_IRUSR|S_IWUSR

when creating the file, so that symlinks aren't followed.


> Creating and using temporary files
> ----------------------------------
>
>                 Key: DAEMON-331
>                 URL: https://issues.apache.org/jira/browse/DAEMON-331
>             Project: Commons Daemon
>          Issue Type: Improvement
>          Components: Jsvc
>    Affects Versions: 1.0.15
>         Environment: Linux/Unix
>            Reporter: Jochen Wiedmann
>             Fix For: 1.0.16
>
>
> It came to our attention, that "jsvc" creates temporary files, named like 
> "/tmp/${PID}.jsvc_up" as a means of communication between a forked client 
> process and the parent process.
> These file names are clearly predictable, and one might get the impression, 
> that this could be abused as part of an attack. However, evaluation has 
> demonstrated, that the content of these files is never read. Therefore, even 
> if an attacker created these files in advance with malicious content, it 
> wouldn't really affect the execution of "jsvc", apart from a prematurely 
> ending parent process, perhaps with the wrong exit code.
> Nevertheless, this behaviour should change;
> 1.) In either case, the file name must be built in advance in the parent 
> process, and before forking the child. In other words: Parent and child must 
> share the same name.
> 2.) If possible, for example on Linux, we suggest to use mktemp(3) to create 
> the file name with a pattern like "${TMP}/jsvc_up.XXXXXX"
> 3.) On other operating systems, we suggest something like
>      "${TMP}//jsvc_up.${RANDOM}".
> Also note, that the directory "/tmp" is not necessarily a good location for 
> such temporary files, because it is writable for everyone. A user of Commons 
> Daemon might wish to create a special directory or such files with restricted 
> write permissions. In such case, the Commons Daemon user should be able to 
> configure the location of "${TMP}".



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
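
The effect of the flag combination suggested in the comment above, as an added example (not jsvc or Commons Daemon code): it opens a name where a dangling symlink has been planted, once without and once with O_EXCL. The function `probe_symlink`, the variable `last_open_errno` and the scratch paths are hypothetical names constructed for this illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum { SETUP_FAILED = -1, REFUSED = 0, FOLLOWED = 1 };
int last_open_errno;   /* errno of the most recent failed open, else 0 */

/* Plant a dangling symlink at the status-file name inside a private scratch
 * directory (constructed paths), open that name with `flags` and mode 0600,
 * and report whether the link was followed, i.e. its target got created. */
int probe_symlink(int flags)
{
    char dir[] = "/tmp/jsvc_demo.XXXXXX";
    char link_path[64], target[64];
    struct stat st;
    int fd, result = SETUP_FAILED;

    if (mkdtemp(dir) == NULL)
        return SETUP_FAILED;
    snprintf(link_path, sizeof link_path, "%s/jsvc_up", dir);
    snprintf(target, sizeof target, "%s/elsewhere", dir);
    if (symlink(target, link_path) == 0) {
        fd = open(link_path, flags, S_IRUSR | S_IWUSR);
        last_open_errno = (fd < 0) ? errno : 0;
        if (fd >= 0)
            close(fd);
        result = (stat(target, &st) == 0) ? FOLLOWED : REFUSED;
    }
    unlink(target);
    unlink(link_path);
    rmdir(dir);
    return result;
}

int main(void)
{
    /* Without O_EXCL the open follows the link and creates its target. */
    printf("O_RDWR|O_CREAT        : %s\n",
           probe_symlink(O_RDWR | O_CREAT) == FOLLOWED ? "followed" : "refused");
    /* With O_EXCL the open fails with EEXIST and the target stays absent. */
    printf("O_RDWR|O_CREAT|O_EXCL : %s\n",
           probe_symlink(O_RDWR | O_CREAT | O_EXCL) == REFUSED ? "refused" : "followed");
    return 0;
}
```

A caller that gets EEXIST from the exclusive create should treat the name as taken and fail or pick another name, not retry without O_EXCL.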
