[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2008-5378: possible symlink attacks


Andreas Tille wrote:
> On Mon, 22 Dec 2008, Thomas Viehmann wrote:
>> Oh, and if you really care, be sure that it's a regular file (not a
>> symlink pointing to something) owned by yourself before using it as a
>> hint to kill your processes.
> Thanks for your hints.  I've prepared a patch at

The creation of tempfiles in shell looks OK save the processing of the
exit code (unless you set -e or somesuch) and the hardcoding of /tmp,
for the C side, let me quote the manpage (man 3 mktemp):
   Never use mktemp().
(This is what I meant with my comment to think about securely created
filenames instead of files, you need to use mk*s*temp which has
different semantics).
The killing part is also still somewhat wrong, IMO you want something
along the lines of
x=$(stat -c '%u %f' x) ; [ "${x%???}" == "$UID 8" ] || echo fail
to test whether it's a regular file that you own (though there is bound
to be a prettier way to verify that, even if [ -f ... ] is not part of it).

Kind regards

Thomas Viehmann, http://thomas.viehmann.net/

Reply to: