Re: /tmp exploits



Ian Jackson <ijackson@chiark.greenend.org.uk> writes:

> We should modify our libc so that opening a file in /tmp or /var/tmp -
> determined by simple string comparison of the filename passed to
> open(2) - fails if O_CREAT is specified without O_EXCL.

You also need to check whether the current directory is /tmp, or a
symlink to it (like /usr/tmp).  A simpler way would be to check
against a umask like ((st_mode & 01007) == 01007) for the parent
directory.  There's probably a race condition here, though.

> We should do this in slink.  That way almost any program with a /tmp
> security hole will stop working straight away and _have_ to be fixed.

How about something like fakeroot?  Anyone who wants to test /tmp
programs can start the window manager and/or shells with it, and
identify problems quickly, although not in setuid programs.

It might be nice to have an option to fix the problem as well, by
adding O_EXCL, for when you *have* to use something which has a bug.

-- 
	 Carey Evans  http://home.clear.net.nz/pages/c.evans/

"[UNIX] appears to have the inside track on being the replacement for
  CP/M on the largest microcomputers (e.g. those based on 68000...)"
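
The parent-directory check suggested in the reply above, as an added example that is not part of the original message or of any libc. The names guarded_open and demo and the EPERM error code are assumptions; the parent is opened once and the file is created relative to that descriptor, which also covers a relative name when the current directory is /tmp or a symlink to it.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical wrapper, not a libc function: behaves like open(2) but refuses
 * O_CREAT without O_EXCL when the parent directory is sticky and
 * world-accessible, i.e. (st_mode & 01007) == 01007. EPERM is an assumption. */
int guarded_open(const char *path, int flags, mode_t mode)
{
    char dir[4096] = ".";                /* bare name: parent is the cwd */
    const char *slash = strrchr(path, '/');
    const char *base = slash ? slash + 1 : path;
    size_t n = slash ? (size_t)(slash - path) : 0;
    struct stat st;
    if (n >= sizeof dir) { errno = ENAMETOOLONG; return -1; }
    if (slash) { memcpy(dir, path, n ? n : 1); dir[n ? n : 1] = '\0'; }

    /* Open the parent once (a symlink such as /usr/tmp is followed) and work
     * relative to that descriptor, so the directory that is checked is the
     * directory the file is created in. */
    int dfd = open(dir, O_RDONLY | O_DIRECTORY);
    if (dfd < 0) return -1;
    int refuse = fstat(dfd, &st) != 0 ||   /* fail closed if the check cannot run */
        ((st.st_mode & 01007) == 01007 && (flags & O_CREAT) && !(flags & O_EXCL));
    int fd = refuse ? -1 : openat(dfd, base, flags, mode);
    int saved = refuse ? EPERM : errno;
    close(dfd);
    errno = saved;
    return fd;
}

/* Self-check on a constructed sticky directory; returns 0 if all cases hold. */
int demo(void)
{
    char d[] = "/tmp/guardXXXXXX", f[64];
    if (!mkdtemp(d) || chmod(d, 01777) != 0) return -1;
    snprintf(f, sizeof f, "%s/file", d);
    int a = guarded_open(f, O_WRONLY | O_CREAT, 0600);          /* refused */
    int b = guarded_open(f, O_WRONLY | O_CREAT | O_EXCL, 0600); /* created */
    int c = guarded_open(f, O_WRONLY | O_CREAT, 0600);          /* still refused */
    if (b >= 0) close(b);
    unlink(f); rmdir(d);
    return (a == -1 && b >= 0 && c == -1) ? 0 : 1;
}
```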

