Re: Bug#20241: Timezones should depend on debian-utils

To: debian-devel@lists.debian.org
Cc: Debian Developers <debian-devel@lists.debian.org>
Subject: Re: Bug#20241: Timezones should depend on debian-utils
From: Jason Gunthorpe <jgg@gpu.srv.ualberta.ca>
Date: Thu, 26 Mar 1998 22:36:55 -0700 (MST)
Message-id: <[🔎] Pine.LNX.3.96.980326222549.263N-100000@Wakko.ualberta.ca>
In-reply-to: <[🔎] 19980326211446.27371@kite>

On Thu, 26 Mar 1998, Joey Hess wrote:

> Manoj Srivastava wrote:
> > 	Where? Have you seen the exploitation mentioned somewhere, or
> >  is this wishful thinking?  I have seeen how the race conditions are
> >  exploited. This is not one of them. Have you really looked at thi, or
> >  is this a knee jerk reaction?
> 
> I could exploit it: In peudo-code:
> 
> while (dpkg is not running)
> 	sleep 1
> done
> 
> fork 100 copies of self
> while true; do
> 	for 1 to 65525; do
> 		create symlink expolit in /tmp
> 	done
> done

Hm, actually because of the way schedualling happens it is still highly
unlikely. Adding more processes like this does not make everything slower
it just increases the chance that The Evil Program will run in alternating
timeslices. It is still -highly- chaotic where the actualy context
switches will occur, and you cannot say for certain that The Evil Program
will run between the time the remove is performed and the open is
performed. 

Unfortunately when using shell scripting the act of execing rm and then
opening the script creates many more points where the os might shift
control to The Evil Process between the two operations.

> > Joey> A safe way to make a /tmp file:
> > 
> > Joey> mkdir /tmp/tmpdir || {
> > >> You can replace this with something else if you like, perhaps
> > >> something that tries another directory name.
> > Joey> echo unable to create temporary directory. Giving up. exit 1
> > >>
> > Joey> tmpfile=/tmp/tmpdir.$$/tmpfile

This is safe iff you set the umask so as to make the temp directory
unwritable by others before you create it. Otherwise the exact same
problem applies as in Manoj's example. Since directory creation is atomic, 
cannot be affected by symlinks and in this case non-root cannot erase
the directory or mutate the name it should be safe.

Once the directory has been created then it can be used as a safe tmpdir
with no race conditions - the permission bits prevent anyone but the owner
from creating evil symlinks.

Jason

--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: Bug#20241: Timezones should depend on debian-utils
  - From: Joey Hess <joey@kitenet.net>

References:
- Re: Bug#20241: Timezones should depend on debian-utils
  - From: Joey Hess <joey@kitenet.net>

Prev by Date: Re: teTeX non-Free
Next by Date: Re: Bug#20241: Timezones should depend on debian-utils
Previous by thread: Re: Bug#20241: Timezones should depend on debian-utils
Next by thread: Re: Bug#20241: Timezones should depend on debian-utils
Index(es):
- Date
- Thread