[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2008-5378: possible symlink attacks

Andreas Tille wrote:
> On Mon, 29 Dec 2008, Thomas Viehmann wrote:
>>   Never use mktemp().
> Args - I've read this and intended to use in both cases mkstemp - but then
> just forgot this.  I think just for reading files mktemp is fine.  The
> rationale is that I do not really want to rewrite the reading routine
> which opens the file to read.  The mkstemp function also opens the file
> and returns a handle - which is just very different from the current code.
> I commited a hopefully better patch (where mkstemp is used for writing
> a file).
Hm. What is reading here?
Also, mkstemp(3):
       The last six characters of template must be "XXXXXX" and these
       are replaced with a string that makes the  filename
       unique.   Since it will be modified, template must not be a
       string constant, but should be declared as a character array.
so you have the name readily available.

>> The killing part is also still somewhat wrong, IMO you want something
>> along the lines of
>> x=$(stat -c '%u %f' x) ; [ "${x%???}" == "$UID 8" ] || echo fail
>> to test whether it's a regular file that you own (though there is bound
>> to be a prettier way to verify that, even if [ -f ... ] is not part of
>> it).

> Do you think that this is definitely needed to avoid any security
> problem in this specific case?

Don't know, causing people to accidentally kill their processes seems
nasty to me, but it might not be that critical.

Kind regards


Thomas Viehmann, http://thomas.viehmann.net/

Reply to: