
Re: CVE-2008-5378: possible symlink attacks



Hi,

Andreas Tille wrote:
> On Mon, 22 Dec 2008, Thomas Viehmann wrote:
> 
>> Oh, and if you really care, be sure that it's a regular file (not a
>> symlink pointing to something) owned by yourself before using it as a
>> hint to kill your processes.
> 
> Thanks for your hints.  I've prepared a patch at
> http://svn.debian.org/wsvn/debian-med/trunk/packages/arb/trunk/debian/patches/tmpfile_CVE-2008-5378.patch?op=file&rev=0&sc=0

The creation of tempfiles in shell looks OK save the processing of the
exit code (unless you set -e or somesuch) and the hardcoding of /tmp.
For the C side, let me quote the manpage (man 3 mktemp):
   Never use mktemp().
(This is what I meant with my comment to think about securely created
filenames instead of files; you need to use mk*s*temp, which has
different semantics.)
The killing part is also still somewhat wrong; IMO you want something
along the lines of
x=$(stat -c '%u %f' x) ; [ "${x%???}" == "$UID 8" ] || echo fail
to test whether it's a regular file that you own (though there is bound
to be a prettier way to verify that, even if [ -f ... ] is not part of it).

Kind regards

T.
-- 
Thomas Viehmann, http://thomas.viehmann.net/
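
Added example (not part of the original message or of the arb patch): a POSIX shell sketch of the two points discussed above, creating the scratch file with mktemp(1) while honoring $TMPDIR and passing on its exit status, and using stat (which, unlike [ -f ... ], does not follow symlinks) to confirm a file is a regular file owned by the current user before trusting its contents. The function names and the example.XXXXXX template are hypothetical; GNU stat and mktemp are assumed.

```shell
# Added illustration; all function names here are hypothetical.
# Assumes GNU coreutils stat(1) and mktemp(1).

# Create a private scratch file (mode 0600) and print its name.
# Uses $TMPDIR when set instead of hardcoding /tmp, and returns
# mktemp's exit status so callers can stop on failure without set -e.
make_scratch_file() {
    mktemp "${TMPDIR:-/tmp}/example.XXXXXX"
}

# Succeed only if $1 is a regular file owned by the current user.
# stat without -L reports on the link itself, so a symlink is rejected
# even when it points at a regular file we own.
is_own_regular_file() {
    # %u = owner uid, %f = raw st_mode in hex (e.g. "1000 81a4")
    info=$(stat -c '%u %f' -- "$1" 2>/dev/null) || return 1
    owner=${info% *}
    mode=$((0x${info#* }))
    # File type is the S_IFMT nibble: 0x8000 regular, 0xa000 symlink,
    # 0x4000 directory, 0x1000 FIFO.
    [ "$owner" = "$(id -u)" ] && [ $((mode & 0xF000)) -eq $((0x8000)) ]
}

# Print the PID stored in $1, but only if the file passes the check
# above and its first line consists solely of digits.
read_trusted_pid() {
    is_own_regular_file "$1" || return 1
    IFS= read -r pid < "$1" || return 1
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$pid"
}
```

A caller would write `f=$(make_scratch_file) || exit 1` and only pass the output of read_trusted_pid to kill.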

