Re: /tmp exploits
Ian Jackson <ijackson@chiark.greenend.org.uk> writes:

> We should modify our libc so that opening a file in /tmp or /var/tmp -
> determined by simple string comparison of the filename passed to
> open(2) - fails if O_CREAT is specified without O_EXCL.

You also need to check whether the current directory is /tmp, or a
symlink to it (like /usr/tmp). A simpler way would be to check
against a umask like ((st_mode & 01007) == 01007) for the parent
directory. There's probably a race condition here, though.

> We should do this in slink. That way almost any program with a /tmp
> security hole will stop working straight away and _have_ to be fixed.

How about something like fakeroot? Anyone who wants to test /tmp
programs can start the window manager and/or shells with it, and
identify problems quickly, although not in setuid programs.

It might be nice to have an option to fix the problem as well, by
adding O_EXCL, for when you *have* to use something which has a bug.

--
Carey Evans http://home.clear.net.nz/pages/c.evans/
"[UNIX] appears to have the inside track on being the replacement for
CP/M on the largest microcomputers (e.g. those based on 68000...)"
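
The parent-directory check discussed in the message above, as an added example that is not part of the original post or of any libc: it refuses O_CREAT without O_EXCL when the parent directory matches the (st_mode & 01007) == 01007 test, and offers the add-O_EXCL fallback. The function names and the scratch directory under /tmp are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* The parent-directory test from the message: sticky bit plus rwx for "other". */
int is_shared_tmp_mode(mode_t m) { return (m & 01007) == 01007; }

/* 1: refuse (O_CREAT without O_EXCL in a sticky, world-writable directory),
 * 0: allow, -1: parent directory could not be examined. The stat() here and
 * the later open() are separate steps, so the race the message mentions remains. */
int unsafe_tmp_open(const char *path, int flags)
{
    char buf[PATH_MAX];
    struct stat st;
    if (!(flags & O_CREAT) || (flags & O_EXCL))
        return 0;
    if (strlen(path) >= sizeof buf)
        return -1;
    strcpy(buf, path);
    /* dirname() gives "." for a bare name (the current-directory case);
     * stat() follows symlinks such as /usr/tmp. */
    if (stat(dirname(buf), &st) != 0)
        return -1;
    return S_ISDIR(st.st_mode) && is_shared_tmp_mode(st.st_mode);
}

/* The "fix it" option: add O_EXCL when the call would be refused. */
int fixed_flags(const char *p, int f) { return unsafe_tmp_open(p, f) == 1 ? f | O_EXCL : f; }

/* Constructed sample: scratch directory with the given mode, then check a
 * create-without-O_EXCL open of a file inside it. -2 on setup failure. */
int check_in_scratch_dir(mode_t mode)
{
    char dir[] = "/tmp/tmpchk.XXXXXX", file[sizeof dir + 2];
    int r;
    if (!mkdtemp(dir))
        return -2;
    snprintf(file, sizeof file, "%s/f", dir);
    r = chmod(dir, mode) == 0 ? unsafe_tmp_open(file, O_WRONLY | O_CREAT) : -2;
    rmdir(dir);
    return r;
}
```

Checking the directory's mode rather than its name covers the current-directory and symlink cases without any string comparison.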