
Re: CVE-2008-5378: possible symlink attacks



Thomas Viehmann <tv@beamnet.de> writes:
> Andreas Tille wrote:

>> Args - I've read this and intended to use in both cases mkstemp - but
>> then just forgot this.  I think just for reading files mktemp is fine.
>> The rationale is that I do not really want to rewrite the reading
>> routine which opens the file to read.  The mkstemp function also opens
>> the file and returns a handle - which is just very different from the
>> current code.  I committed a hopefully better patch (where mkstemp is
>> used for writing a file).

> Hm. What is reading here?
> Also, mkstemp(3):
>        The last six characters of template must be "XXXXXX" and these
>        are replaced with a string that makes the filename
>        unique.  Since it will be modified, template must not be a
>        string constant, but should be declared as a character array.
> so you have the name readily available.

Right, mkstemp gives you a file name that you can then safely open.  In
code where I didn't want to break the existing flow, I've used the
following pattern many times:

    fd = mkstemp(filename);
    if (fd < 0) {
        perror("mkstemp");
        return NULL;
    }
    close(fd);
    /* Go on to use filename as the name of the temporary file... */

It's an extra few system calls, but usually it doesn't matter.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
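
An added example, not code from this thread or from the package under discussion: the close-and-reopen pattern from the message above, extended with a check that the file reopened by name is still the one mkstemp created, plus an fdopen variant for stdio-based code that never reopens by name. The function names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helpers. Variant 1: create the file, record its identity, keep only the name. */
int temp_create(char *tmpl, struct stat *created)
{
    int fd = mkstemp(tmpl);              /* atomic O_CREAT|O_EXCL, mode 0600 */
    if (fd < 0)
        return -1;
    if (fstat(fd, created) < 0) {
        close(fd);
        unlink(tmpl);
        return -1;
    }
    return close(fd);
}

/* Reopen by name; refuse a symlink or any file that is not the one we made. */
int temp_reopen(const char *path, const struct stat *created, int flags)
{
    struct stat now;
    int fd = open(path, flags | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    if (fstat(fd, &now) < 0 || now.st_dev != created->st_dev
        || now.st_ino != created->st_ino) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Variant 2: never reopen; wrap the descriptor for existing stdio code. */
FILE *temp_stream(char *tmpl)
{
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return NULL;
    FILE *fp = fdopen(fd, "w+");
    if (fp == NULL) {
        close(fd);
        unlink(tmpl);
    }
    return fp;
}
```

Variant 2 removes the window between close and reopen entirely; variant 1 keeps name-based code paths but fails closed if the name no longer refers to the file that was created.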

