Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages
Dmitry E. Oboukhov wrote:
> EVL>>> The idea behind libpam-tmpdir is that it creates a subdirectory of /tmp
> EVL>>> that is only accessible by that user, and then sets TMPDIR and other
> EVL>>> variables to that. Hence, it doesn't matter nearly as much if you
> EVL>>> create a non-random filename, because nobody but you can access it.
> EVL>>
> EVL>> Yes, but
> EVL>> scripts must use $TMPDIR instead '/tmp' or mktemp/tempfile utils :)
> EVL> tempfile uses $TMPDIR by default :)
>
> sorry,
> scripts must use $TMPDIR or _must_ _use_ mktemp/tempfile ;)
Why use $TMPDIR at all?
$TMPDIR may not be set (libpam-tmp may not be installed[1]), so you have
to test for it. If the test fails, you have to fall back to mktemp or
tempfile.
As mktemp and tempfile are both essential[2], they can be relied upon.
If $TMPDIR is set, it may be set to something bad, like /tmp. You can be
left with the exact same problem you are trying to solve.
Both mktemp and tempfile support $TMPDIR, and will fall back gracefully
if $TMPDIR does not exist in the environment.
My impression is that mktemp or tempfile should be used, and ignore
TMPDIR anyway. If you really need a directory to write lots of files to,
mktemp -d is there for you.
Is there any scenario where using mktemp or tempfile fails, and sing
$TMPDIR succeeds?
[1] % aptitude search libpam-tmp
p libpam-tmpdir - automatic per-user temporary directories
[2] % aptitude show $(dpkg -S $(which mktemp tempfile) | sed 's/:.*//') | grep -E '^(Pa|E)'
Package: mktemp
Essential: yes
Package: debianutils
Essential: yes
[3] I liked [2] too much to remove it. Sorry.
--
John H. Robinson, IV jaqque@debian.org
http ((((
WARNING: I cannot be held responsible for the above, sbih.org ( )(:[
as apparently my cats have learned how to type. spiders.html ((((
Reply to: