Re: CVE-2008-5378: possible symlink attacks
Thomas Viehmann wrote:
> Andreas Tille wrote:
>> 2. Make the temp file safe against symlink attacks. The question
>> I have for this case which should probably be preferred is: How
>> can I safely teach an independent script about the PIDs of a
>> crashed program that should be stopped. I think random file names
>> will not really work here or do I miss something?
> How about using mkstemp with a prefix containing the pid (i.e. template
> foo_$PID_XXXXXX) and have other programs discard the random part. The
> main thing here is that the file must be created in a way that ensures
> the file to be created does not exist, not that it must not contain a
> pattern.
Oh, and if you really care, be sure that it's a regular file (not a
symlink pointing to something) owned by yourself before using it as a
hint to kill your processes.
Kind regards
T.
--
Thomas Viehmann, http://thomas.viehmann.net/
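
The scheme suggested in this message, sketched in C as an added example that is not part of the original mail or of the package under discussion. The `foo_` prefix comes from the template in the mail; the function names and the six-character suffix check are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define HINT_PREFIX "foo_" /* placeholder prefix from the mail's template */

/* Writer: create DIR/foo_<pid>_XXXXXX. mkstemp() opens with O_CREAT|O_EXCL,
 * so it never reuses or follows a pre-planted name. Returns an fd or -1. */
int create_pid_hint(const char *dir, pid_t pid, char *path, size_t len)
{
    int n = snprintf(path, len, "%s/" HINT_PREFIX "%ld_XXXXXX", dir, (long)pid);
    if (n < 0 || (size_t)n >= len)
        return -1;
    return mkstemp(path);
}

/* Reader: recover the PID from a file name and discard the random part.
 * Returns -1 unless the name looks like foo_<digits>_<6 chars>. */
long pid_from_hint_name(const char *name)
{
    size_t plen = strlen(HINT_PREFIX);
    char *end;
    if (strncmp(name, HINT_PREFIX, plen) != 0 || name[plen] < '0' || name[plen] > '9')
        return -1;
    long pid = strtol(name + plen, &end, 10);
    if (*end != '_' || strlen(end + 1) != 6 || pid <= 0)
        return -1;
    return pid;
}

/* Reader: trust the hint only if it is a regular file owned by us. O_NOFOLLOW
 * rejects a symlink; fstat() on the open fd avoids a check-then-use race. */
int hint_is_trustworthy(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return 0;
    int ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_uid == geteuid();
    close(fd);
    return ok;
}
```

A consumer would call `hint_is_trustworthy()` on each matching directory entry and only then act on the PID returned by `pid_from_hint_name()`.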