On Mon, 28 Jul 2003, McKown, John wrote:
> > -----Original Message-----
> > From: Guillaume Morin [mailto:[EMAIL PROTECTED]
> > Sent: Monday, July 28, 2003 12:35 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Stripping trailing blanks?
> >
> >
>
> <snip>
>
> >
> > The problem is actually the predictable file name in a world-writable
> > directory. An attacker could create a symlink with the name "strip.pid"
> > (a pid is actually pretty easy to predict, and you can always create as
> > many symlinks as you want) pointing to one of your files and when
> > launching the command you would overwrite the file. It is really a
> > disaster if root runs this command.
> >
> > Guillaume
>
> Understanding increases, thanks. I guess it would be "better" if, somehow, /tmp
> could refer to a different filesystem or directory for each individual user.
> UNIX on OS/390 does have something like this. A different kind of symlink
> which is dependent on the userid. Or perhaps, set up /tmp/$USER for every
> valid user and don't have /tmp be world-writable. I wonder why Linux doesn't
> do that? It should be easy to change the scripts that use /tmp to use
> /tmp/$USER and to change the useradd program to create /tmp/$USER when it
> creates /home/$USER and make it have the correct permissions. Or even create
> /home/$USER/tmp and symlink it to /tmp/$USER. Just some weird thoughts from
> a "legacy" sysprog. I may well be all wet.

Back in days of yore, wasn't considered important. Esp if, as I think,
symlinks are a relatively recent innovation.

If I write a script for my own use, there's no likelihood of that
insecure model being a problem, it will work fine for me. If I give you
a copy, and you use it on your {x,p,i,z}Box with a zillion users, you'd
better check.

There exists mktemp for creating temporary files with unpredictable
names.

My model doesn't have this problem if the file you're manipulating is in
a safe area. I first rename the file, then create a new one.

If it existed in an unsafe area such as /tmp, then there is a race
condition. Often, that's not a problem even then - to exploit it,
someone would need to know the opportunity exists.

--
Cheers
John.
Copyright John Summerfield. Reproduction prohibited.
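
The mktemp approach mentioned in the reply above, as an added example that is not part of the original thread or anyone's posted script. The function name `strip_trailing_blanks`, the sed expression and the `/tmp/strip.$$` rendering of the "strip.pid" name are assumptions, since the original script is not shown on this page.

```shell
#!/bin/sh
# Added example (hypothetical script, not from the thread).
# Weak form the thread describes: predictable name in a world-writable
# directory, so a pre-planted symlink redirects the write:
#     sed 's/[[:blank:]]*$//' "$f" > /tmp/strip.$$ && mv /tmp/strip.$$ "$f"

# Hardened form. The body runs in a subshell so its variables stay private.
strip_trailing_blanks() (
    f=$1
    # Only operate on a real regular file, never through a symlink.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "strip: $f: not a regular file" >&2
        exit 1
    fi
    dir=$(dirname -- "$f")
    # mktemp chooses an unpredictable name and creates the file exclusively
    # with mode 0600; an existing file or symlink at that name is not reused.
    # Creating it beside the target keeps the final mv on one filesystem.
    tmp=$(mktemp "$dir/.strip.XXXXXX") || exit 1
    # cp -p gives the temp file the original's mode and timestamps, so the
    # replacement does not silently become 0600; sed then rewrites its content.
    if cp -p -- "$f" "$tmp" &&
       sed 's/[[:blank:]]*$//' < "$f" > "$tmp" &&
       mv -f -- "$tmp" "$f"; then
        exit 0
    fi
    rm -f -- "$tmp"   # leave nothing behind on failure
    exit 1
)

# Stand-alone use: strip every file named on the command line.
for arg in "$@"; do
    strip_trailing_blanks "$arg" || exit 1
done
```

Because the temporary file lives in the target's own directory, the protection of that directory is what matters; if the target itself sits in /tmp, the rename-over-target step is still subject to the race the reply mentions.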