[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages

Dmitry E. Oboukhov wrote:
> EVL>>> The idea behind libpam-tmpdir is that it creates a subdirectory of /tmp
> EVL>>> that is only accessible by that user, and then sets TMPDIR and other
> EVL>>> variables to that. Hence, it doesn't matter nearly as much if you
> EVL>>> create a non-random filename, because nobody but you can access it.
> EVL>> 
> EVL>> Yes, but
> EVL>> scripts must use $TMPDIR instead '/tmp' or mktemp/tempfile utils :)
> EVL> tempfile uses $TMPDIR by default :)
> sorry, 
> scripts must use $TMPDIR or _must_ _use_ mktemp/tempfile ;)

Why use $TMPDIR at all?

$TMPDIR may not be set (libpam-tmp may not be installed[1]), so you have
to test for it. If the test fails, you have to fall back to mktemp or

As mktemp and tempfile are both essential[2], they can be relied upon.

If $TMPDIR is set, it may be set to something bad, like /tmp. You can be
left with the exact same problem you are trying to solve.

Both mktemp and tempfile support $TMPDIR, and will fall back gracefully
if $TMPDIR does not exist in the environment. 

My impression is that mktemp or tempfile should be used, and ignore
TMPDIR anyway. If you really need a directory to write lots of files to,
mktemp -d is there for you.

Is there any scenario where using mktemp or tempfile fails, and sing
$TMPDIR succeeds?

[1] % aptitude search libpam-tmp
    p   libpam-tmpdir              - automatic per-user temporary directories  

[2] % aptitude show $(dpkg -S $(which mktemp tempfile) | sed 's/:.*//') | grep -E '^(Pa|E)'
    Package: mktemp
    Essential: yes
    Package: debianutils
    Essential: yes

[3] I liked [2] too much to remove it. Sorry.

John H. Robinson, IV          jaqque@debian.org
                                                                 http  ((((
WARNING: I cannot be held responsible for the above,         sbih.org ( )(:[
as apparently my cats have learned how to type.          spiders.html  ((((

Reply to: