Re: CVE-2008-5378: possible symlink attacks

To: debian-devel@lists.debian.org
Subject: Re: CVE-2008-5378: possible symlink attacks
From: Thomas Viehmann <tv@beamnet.de>
Date: Mon, 22 Dec 2008 22:10:29 +0100
Message-id: <[🔎] 49500245.703@beamnet.de>
In-reply-to: <[🔎] alpine.DEB.2.00.0812221514540.32708@wr-linux02>
References: <[🔎] alpine.DEB.2.00.0812221514540.32708@wr-linux02>

Hi,

Andreas Tille wrote:
>   2. Make the temp file save against symlink attacks.  The question
>      I have for this case which should probably be prefered is: How
>      can I savely teach an independent script about the PIDs of a
>      crashed program that should be stopped.  I think random file names
>      will not really work here or do I miss something?
How about using mkstemp with a prefix containing the pid (i.e. template
foo_$PID_XXXXXX) and have other programs discard the random part. The
main thing here is that he file must be created in a way that ensures
the file to be created does not exist, not that it must not contain a
pattern.
By the way, if you permit the nitpicking: "random file name" may be true
for efficiency reasons, but the security aspect reaches beyond that (by
excluding that the filename to be created is used by chance), so it's
best not to think about "file with a safe name", but about "safely
created file".

Kind regards

T.
-- 
Thomas Viehmann, http://thomas.viehmann.net/

Reply to:

Follow-Ups:
- Re: CVE-2008-5378: possible symlink attacks
  - From: Thomas Viehmann <tv@beamnet.de>

References:
- Re: CVE-2008-5378: possible symlink attacks
  - From: Andreas Tille <tillea@rki.de>

Prev by Date: Bug#509485: ITP: libgooglecharts-ruby -- Ruby library to create sexy charts using the Google API
Next by Date: Re: CVE-2008-5378: possible symlink attacks
Previous by thread: Re: CVE-2008-5378: possible symlink attacks
Next by thread: Re: CVE-2008-5378: possible symlink attacks
Index(es):
- Date
- Thread