Re: many scripts fail if /tmp/tempfile.$$ exists -> local DOS vulnerability

To: debian-devel@lists.debian.org
Subject: Re: many scripts fail if /tmp/tempfile.$$ exists -> local DOS vulnerability
From: Richard Kettlewell <rjk@terraraq.org.uk>
From: Richard Kettlewell <rjk@terraraq.org.uk>
Date: Sat, 06 Sep 2003 15:28:04 +0100
Message-id: <[🔎] 84llt2f0uj.fsf@rjk.greenend.org.uk>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] pan.2003.09.04.21.07.04.662932@web.de> (Jakob Lell's message of "Thu, 04 Sep 2003 21:38:46 GMT")
References: <[🔎] pan.2003.09.04.21.07.04.662932@web.de>

Jakob Lell <Jakob.Lell@web.de> writes:
> many shell scripts use tempfiles like /tmp/tempfile.$$. This creates
> insecure tempfile vulnerabilities. One commonly used fix for this problem
> is to use set -e or/and set -C in the shell script. This makes the whole
> script fail if one command fails or pipes anything to an existing file
> (e.g. if the tempfile already exists).

'set -C' only detects already-existing regular files, it does not
prevent you writing your important data to (say) a named pipe with the
right name.

-- 
http://www.greenend.org.uk/rjk/

Reply to:

References:
- many scripts fail if /tmp/tempfile.$$ exists -> local DOS vulnerability
  - From: Jakob Lell <Jakob.Lell@web.de>

Prev by Date: Re: apt-get internals help
Next by Date: Re: a couple of missing sources for stable
Previous by thread: Re: many scripts fail if /tmp/tempfile.$$ exists -> local DOS vulnerability
Next by thread: [no subject]
Index(es):
- Date
- Thread