
programs/scripts using /tmp/*$$



Hi,

After reading about /tmp/*$$ on bugtraq for the longest time, I
cribbed someone else's suggestion of checking programs & scripts for
indiscriminate use of /tmp/*$$. Using a fairly well-endowed
(package-wise) machine, I've found at least 58 programs/scripts in 29
packages which are potential security holes.  The problems range from
races (they rm the temp file/directory at some time prior to
using it) to complete lack of checking prior to use.

These aren't like the maintainer scripts which use /tmp/*$$, because
these programs aren't _usually_ executed as root; however they do
allow nasty user -> victim user attacks (of course victim user _could_
be root).  This apparently lessens the severity of them.  So a) any
objections to me filing bug reports on these packages to get them
fixed? and b) any suggestions as to the severity (Brian suggested
`important', Giuliano `grave')?

Notes:

1) This excludes the bugs I filed earlier as these were all maintainer
   scripts which are always run as root, and as such I didn't think
   filing bugs against them merited discussion.

2) I don't really want to get involved in discussions about ``more
   general'' solutions to the /tmp, or rather I think such discussions
   are an orthogonal issue (unless somebody comes up with a good
   solution, which is universally accepted and can be applied almost
   immediately everywhere), and these bugs are bugs and should be
   fixed accordingly.

-- 
James
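The race described above (rm the /tmp/*$$ file, then use it with no check in between), reproduced deterministically next to the mktemp(1) fix. This is an added example; it is not code from the original post or from any of the packages it refers to. It is written in POSIX sh because that is what the affected scripts are, and the scratch directory standing in for /tmp, the "victim" file and the attacker hook are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the original post or from any of the packages
# it refers to: the /tmp/*$$ race, reproduced deterministically in a private
# scratch directory, next to the mktemp(1) fix. The file names, the "victim"
# file and the attacker hook are assumptions made for illustration.

set -u

# Constructed stand-in for /tmp so the demo never touches the real /tmp.
SANDBOX=$(mktemp -d) || exit 1
trap 'rm -rf "$SANDBOX"' EXIT

# A file the victim can write and the attacker cannot (think ~/.profile).
VICTIM_FILE="$SANDBOX/victim_profile"
echo "original contents" > "$VICTIM_FILE"

# The attacker's move: plant a symlink at the name the victim is about to use.
# In a real attack this runs from a second shell, in the window after the rm.
attacker_plant_symlink() {
    ln -s "$VICTIM_FILE" "$1"
}

# Vulnerable pattern from the post: rm the temp file, then use it unchecked.
# $1 is the data to write; $2 is a hook that stands in for the attacker winning
# the race and is called exactly where a real attacker would act.
vulnerable_write() {
    tmp="$SANDBOX/prog.$$"          # predictable: $$ is visible in ps(1) output
    rm -f "$tmp"
    "$2" "$tmp"                     # <-- race window between rm and use
    echo "$1" > "$tmp"              # '>' follows the symlink: clobbers VICTIM_FILE
}

# Hardened pattern: let mktemp(1) pick a random name and create the file itself
# (O_CREAT|O_EXCL, mode 0600), so there is no window in which the name exists
# but the file does not. Prints the path of the temp file on success.
safe_write() {
    tmp=$(mktemp "$SANDBOX/prog.XXXXXX") || return 1
    "$2" "$tmp" 2>/dev/null || true # ln -s fails: the name is already taken
    [ ! -L "$tmp" ] || return 1     # belt and braces: never write through a link
    echo "$1" > "$tmp"
    printf '%s\n' "$tmp"
}

# Succeeds if the victim's file still holds what the victim put there.
victim_intact() {
    [ "$(cat "$VICTIM_FILE")" = "original contents" ]
}

# Stand-alone demo: run both patterns against the same attacker.
demo() {
    vulnerable_write "pwned" attacker_plant_symlink
    if victim_intact; then echo "vulnerable_write: victim file intact"
    else echo "vulnerable_write: victim file clobbered via symlink"; fi
    echo "original contents" > "$VICTIM_FILE"   # reset for the second run

    safe=$(safe_write "pwned" attacker_plant_symlink) || exit 1
    if victim_intact; then echo "safe_write: victim file intact ($safe used)"
    else echo "safe_write: victim file clobbered"; fi
}
demo
```

Run it with `sh example.sh`. The point of the fixed version is that the name is chosen and the file created in one step by mktemp, and the script then only ever uses the name mktemp returned; a script that calls mktemp but later does `rm` and recreates the same path reopens the window. Predictable temp directories (`mkdir /tmp/foo.$$`) have the same problem and the same cure, `mktemp -d`.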

