Re: many scripts fail if /tmp/tempfile.$$ exists - local DOS vulnerability
Jakob Lell [EMAIL PROTECTED] writes: many shell scripts use tempfiles like /tmp/tempfile.$$. This creates insecure tempfile vulnerabilities. One commonly used fix for this problem is to use set -e or/and set -C in the shell script. This makes the whole script fail if one command fails or pipes anything to an existing file (e.g. if the tempfile already exists). 'set -C' only detects already-existing regular files, it does not prevent you writing your important data to (say) a named pipe with the right name. -- http://www.greenend.org.uk/rjk/
Re: many scripts fail if /tmp/tempfile.$$ exists - local DOS vulnerability
Santiago Vila [EMAIL PROTECTED] wrote: Jakob Lell wrote: many shell scripts use tempfiles like /tmp/tempfile.$$. This creates insecure tempfile vulnerabilities. One commonly used fix for this problem is to use set -e or/and set -C in the shell script. [...] Debian already has a general fix for that. It's called tempfile and it's in package debianutils, which is essential. [...] There is also mktemp(1) which is able to generate tempory files _and_ directories. Has by chance anybody checked the respective source-codes and could tell us whether mktemp(1) or tempfile(1) should be prefered for generating tempory /files/? Another question: tempfile(1) says: | Debian packages using tempfile in maintainer scripts must depend on | debianutils = 1.6. tempfile 1.6 was released april 1997, i.e. it was probably included in Bo, or it for sure in Hamm. Shouldn't this sentence be removed, we don't support upgrades from Bo or Hamm to potato anyway. cu andreas -- Hey, da ist ein Ballonautomat auf der Toilette! Unofficial _Debian-packages_ of latest unstable _tin_ http://www.logic.univie.ac.at/~ametzler/debian/tin-snapshot/
Re: many scripts fail if /tmp/tempfile.$$ exists - local DOS vulnerability
On Fri, 5 Sep 2003, Andreas Metzler wrote: Another question: tempfile(1) says: | Debian packages using tempfile in maintainer scripts must depend on | debianutils = 1.6. tempfile 1.6 was released april 1997, i.e. it was probably included in Bo, or it for sure in Hamm. Shouldn't this sentence be removed, we don't support upgrades from Bo or Hamm to potato anyway. What we support or we don't support regarding upgrades is not very clear yet. It changes from developer to developer. I believe supporting upgrades which skip one release (for example, from oldstable to testing) should be a must, but unfortunately this is not written anywhere.
Re: many scripts fail if /tmp/tempfile.$$ exists - local DOS vulnerability
On Fri, Sep 05, 2003 at 12:23:13PM +0200, Santiago Vila wrote: I believe supporting upgrades which skip one release (for example, from oldstable to testing) should be a must, but unfortunately this is not written anywhere. Not to mention that it hasn't really worked for several releases now. -- .''`. ** Debian GNU/Linux ** | Andrew Suffield : :' : http://www.debian.org/ | `. `' | `- -- | pgp3vVhGh80V2.pgp Description: PGP signature
many scripts fail if /tmp/tempfile.$$ exists - local DOS vulnerability
Hello, many shell scripts use tempfiles like /tmp/tempfile.$$. This creates insecure tempfile vulnerabilities. One commonly used fix for this problem is to use set -e or/and set -C in the shell script. This makes the whole script fail if one command fails or pipes anything to an existing file (e.g. if the tempfile already exists). So this can often solve a insecure tempfile creation. However, the script then fails if the file /tmp/tempfile.$$ exists. As any user can create this files with wrong PIDs and thus prevent other users from using the vulnerable program, this is a local DOS vulnerability. The same problem occurs if the script uses something like mkdir tmp$$ cd tmp$$ || exit (from /usr/bin/allec, package tetex-bin 1.0.7+20011202-7.1) to exit if the file/directory exists. For this reason it is IMO always a bad idea to use tempfiles or directories like /tmp/tempfile.$$. You can use mktemp to get a tempfile or mktemp -d to get a temporary directory securely. Is it a good idea to report bugs against all packages containing this local DOS vulnerability? Should this be reported to the security team?
Re: many scripts fail if /tmp/tempfile.$$ exists - local DOS vulnerability
Jakob Lell wrote: many shell scripts use tempfiles like /tmp/tempfile.$$. This creates insecure tempfile vulnerabilities. One commonly used fix for this problem is to use set -e or/and set -C in the shell script. [...] Debian already has a general fix for that. It's called tempfile and it's in package debianutils, which is essential. [...] Is it a good idea to report bugs against all packages containing this local DOS vulnerability? Yes, but please follow our common guidelines for reporting bugs. If you plan to submit many of them, ask here before you start.
Re: many scripts fail if /tmp/tempfile.$$ exists - local DOS vulnerability
On Fri, Sep 05, 2003 at 12:50:01AM +0200, Santiago Vila wrote: Jakob Lell wrote: [...] Is it a good idea to report bugs against all packages containing this local DOS vulnerability? Yes, but please follow our common guidelines for reporting bugs. If you plan to submit many of them, ask here before you start. Isn't that exactly what he did, in the message you just replied to? I, for one, think it sounds like a good idea. - Keegan pgp4A7StvkRHr.pgp Description: PGP signature