Re: CVE-2008-5378: possible symlink attacks
On Mon, 29 Dec 2008, Thomas Viehmann wrote:
> Never use mktemp().
Args - I've read this and intended to use in both cases mkstemp - but then
just forgot this. I think just for reading files mktemp is fine. The
rationale is that I do not really want to rewrite the reading routine
which opens the file to read. The mkstemp function also opens the file
and returns a handle - which is just very different from the current code.
I committed a hopefully better patch (where mkstemp is used for writing
a file).
> (This is what I meant with my comment to think about securely created
> filenames instead of files, you need to use mk*s*temp which has
> different semantics).
At least I had the good idea to ask for cross checking ...
> The killing part is also still somewhat wrong, IMO you want something
> along the lines of
> x=$(stat -c '%u %f' x) ; [ "${x%???}" == "$UID 8" ] || echo fail
> to test whether it's a regular file that you own (though there is bound
> to be a prettier way to verify that, even if [ -f ... ] is not part of it).
Do you think that this is definitely needed to avoid any security
problem in this specific case?
Kind regards
Andreas.
--
http://fam-tille.de
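The two points argued in this thread, that mkstemp() must replace mktemp() even when the existing code only wants a filename, and that a file must be verified as a regular file owned by the caller before it is acted on, are shown below in an added example. It is illustration written for this page, not the patch discussed above or code from the affected package. The function names (secure_tmpfile, is_own_regular_file, open_own_regular_file, demo_roundtrip), the template name gr_example_XXXXXX created in the current directory, and the use of /etc/passwd as the symlink target are all assumptions made for the example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Race-free temp file. mkstemp() creates the file with O_CREAT|O_EXCL and
 * mode 0600 and returns an open descriptor, so there is no window between
 * picking the name and opening it in which a symlink could be planted at
 * that name (the flaw in mktemp(), which only hands back a name).
 * fdopen() wraps the descriptor in a FILE*, so a routine written against
 * fopen()-style stdio keeps working unchanged.
 * tmpl must end in "XXXXXX"; it is copied because mkstemp edits it in place.
 * Returns the stream and stores the created path in *out_path (caller frees),
 * or NULL on failure. */
FILE *secure_tmpfile(const char *tmpl, char **out_path)
{
    char *path = strdup(tmpl);
    if (path == NULL)
        return NULL;
    int fd = mkstemp(path);
    if (fd < 0) {
        free(path);
        return NULL;
    }
    FILE *fp = fdopen(fd, "w+");
    if (fp == NULL) {
        close(fd);
        unlink(path);
        free(path);
        return NULL;
    }
    *out_path = path;
    return fp;
}

/* C equivalent of the thread's shell check
 *   x=$(stat -c '%u %f' FILE); [ "${x%???}" == "$UID 8" ]
 * Returns 1 if path is a regular file owned by the calling user, else 0.
 * lstat() is used on purpose: a symlink planted at path shows up as a
 * symlink, not as the file it points to. This is still check-then-use;
 * the object can be swapped between this call and a later open(). */
int is_own_regular_file(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return 0;
    return S_ISREG(st.st_mode) && st.st_uid == getuid();
}

/* Race-free variant: open first (O_NOFOLLOW makes open() fail on a symlink),
 * then validate the descriptor actually obtained with fstat().
 * Returns a read-only fd, or -1 if it is not a regular file owned by the caller. */
int open_own_regular_file(const char *path)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != getuid()) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Worked scenario: create a temp file, round-trip a line through the FILE*,
 * confirm both checks accept it, then plant a symlink beside it (standing in
 * for an attacker's pre-created link) and confirm both checks reject it.
 * Returns 1 if every step behaves as expected, 0 otherwise. */
int demo_roundtrip(void)
{
    char *path = NULL;
    FILE *fp = secure_tmpfile("gr_example_XXXXXX", &path); /* assumed: cwd is writable */
    if (fp == NULL)
        return 0;
    int ok = 1;
    char buf[32] = {0};
    fputs("pid 12345\n", fp);          /* constructed content, e.g. a pid file */
    rewind(fp);
    if (fgets(buf, sizeof buf, fp) == NULL || strcmp(buf, "pid 12345\n") != 0)
        ok = 0;
    if (!is_own_regular_file(path))
        ok = 0;
    int fd = open_own_regular_file(path);
    if (fd < 0)
        ok = 0;
    else
        close(fd);

    char link[64];
    snprintf(link, sizeof link, "%s.lnk", path);
    if (symlink("/etc/passwd", link) == 0) {   /* target chosen for the example */
        if (is_own_regular_file(link))         /* lstat() reports S_IFLNK */
            ok = 0;
        if (open_own_regular_file(link) >= 0)  /* O_NOFOLLOW refuses the link */
            ok = 0;
        unlink(link);
    } else {
        ok = 0;
    }
    fclose(fp);
    unlink(path);
    free(path);
    return ok;
}
```

The point of fdopen() is that it removes the objection raised above: the reading routine that expects a stream does not have to be rewritten, it just receives the FILE* that mkstemp()'s descriptor was wrapped in. The second check exists because the stat-based test, in shell or in C, only tells you what the path was when you looked; opening with O_NOFOLLOW and checking the descriptor with fstat() is what closes that window.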