many scripts fail if /tmp/tempfile.$$ exists -> local DOS vulnerability

To: debian-devel@lists.debian.org
Subject: many scripts fail if /tmp/tempfile.$$ exists -> local DOS vulnerability
From: Jakob Lell <Jakob.Lell@web.de>
Date: Thu, 04 Sep 2003 23:07:05 +0200
Message-id: <[🔎] pan.2003.09.04.21.07.04.662932@web.de>

Hello,
many shell scripts use tempfiles like /tmp/tempfile.$$. This creates
insecure tempfile vulnerabilities. One commonly used fix for this problem
is to use set -e or/and set -C in the shell script. This makes the whole
script fail if one command fails or pipes anything to an existing file
(e.g. if the tempfile already exists). So this can often solve a insecure
tempfile creation. However, the script then fails if the file
/tmp/tempfile.$$ exists. As any user can create this files with wrong PIDs
and thus prevent other users from using the vulnerable program, this is a
local DOS vulnerability. The same problem occurs if the script uses
something like "mkdir tmp$$ && cd tmp$$ || exit" (from /usr/bin/allec,
package tetex-bin 1.0.7+20011202-7.1) to exit if the file/directory
exists. For this reason it is IMO always a bad idea to use tempfiles or
directories like /tmp/tempfile.$$. You can use mktemp to get a tempfile or
mktemp -d to get a temporary directory securely.

Is it a good idea to report bugs against all packages containing this
local DOS vulnerability? Should this be reported to the security team?

Reply to:

Follow-Ups:
- Re: many scripts fail if /tmp/tempfile.$$ exists -> local DOS vulnerability
  - From: Santiago Vila <sanvila@unex.es>
- Re: many scripts fail if /tmp/tempfile.$$ exists -> local DOS vulnerability
  - From: Richard Kettlewell <rjk@terraraq.org.uk>

Prev by Date: Re: New version of ifupdown available
Next by Date: Re: SAL
Previous by thread: Re: SAL
Next by thread: Re: many scripts fail if /tmp/tempfile.$$ exists -> local DOS vulnerability
Index(es):
- Date
- Thread