On Sat, Apr 05, 2008 at 10:52:05PM +0100, [EMAIL PROTECTED] wrote:
>
> I've been looking at fixing the various insecure uses of mktemp()
> in the nmh codebase. I've gradually realised that although some of
> them are fixable, some are really very tricky. The trouble is that
> much of the code assumes that you can create a temporary file and
> then later on reopen it by name[*]; and often this happens by a
> very indirect route, with a tempfile name being passed into
> functions which might also be using normal message files. Or we
> might create a tempfile and then rename it to something else.
>
> So I think that it might be better to sidestep the whole issue
> by just having nmh create its temporary files in ~/Mail. Because
> this directory isn't writable except by the user, there's no
> danger of malicious attackers creating symlinks in it as there
> is with putting files in /tmp/. Some work would still be
> required, but nowhere near as much.

I have to agree that this is a good solution short of massive code changes. I believe that users can currently do this by setting their TEMP variable to a directory that they control, but a systematic use of a temporary directory specially for nmh seems like a good policy. Something like ~/Mail/.temp or some such so as not to interfere with a potential folder called temp.

-- 
-><- Nick Rusnov
-><- http://nick.industrialmeats.com
-><- [EMAIL PROTECTED]/[EMAIL PROTECTED]
_______________________________________________
Nmh-workers mailing list
[email protected]
http://lists.nongnu.org/mailman/listinfo/nmh-workers
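
An added illustration of the approach discussed in this thread (not nmh code and not written by either poster): a C helper, under the hypothetical name `private_tmpfile`, that creates a temporary file inside a user-only directory such as ~/Mail/.temp and hands back its name so callers can still reopen it by name. The directory name `nmh-temp-demo` used in `main` is constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper, not nmh code: create a temp file inside a private
 * directory (e.g. ~/Mail/.temp). On success returns an open fd and leaves
 * the file name in path so later code can reopen it by name; -1 on error. */
int private_tmpfile(const char *dir, char *path, size_t pathlen)
{
    struct stat st;

    /* Create the directory if missing; 0700 keeps other users out. */
    if (mkdir(dir, 0700) == -1 && errno != EEXIST)
        return -1;

    /* lstat, not stat: a symlink sitting where the directory should be is refused. */
    if (lstat(dir, &st) == -1)
        return -1;
    if (!S_ISDIR(st.st_mode) ||                /* must be a real directory */
        st.st_uid != geteuid() ||              /* owned by the calling user */
        (st.st_mode & (S_IWGRP | S_IWOTH))) {  /* not writable by anyone else */
        errno = EPERM;
        return -1;
    }

    int n = snprintf(path, pathlen, "%s/nmhXXXXXX", dir);
    if (n < 0 || (size_t)n >= pathlen) {
        errno = ENAMETOOLONG;
        return -1;
    }

    /* mkstemp creates the file exclusively with mode 0600, so the name cannot
     * be pre-created by someone else, unlike mktemp() followed by open(). */
    return mkstemp(path);
}

int main(void)
{
    char path[4096];
    int fd = private_tmpfile("nmh-temp-demo", path, sizeof path); /* constructed name */
    if (fd == -1) { perror("private_tmpfile"); return 1; }
    printf("created %s\n", path);
    close(fd);
    return unlink(path) == -1;
}
```

The ownership and mode check only holds up if the parent directory (here ~/Mail) is itself writable by the user alone, which is the premise stated in the quoted message.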
