Re: severity for bugs in ignoring TMP/TMPDIR?
Ben Hutchings <firstname.lastname@example.org> writes:
> The test should be for non-random names *or* missing O_EXCL. Use of an
> entirely predictable name with O_EXCL allows a DoS and use of a
> pseudo-random name without O_EXCL may still be exploitable for
> overwriting other files if the attacker can try repeatedly.
Sometimes there are no good options other than using O_EXCL with a
predictable name because the name is used as a rendezvous point. This is
the case in some (non-default) configurations for Kerberos tickets, for
But yes, it's not ideal.
Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>
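The two cases discussed in this thread side by side: a private scratch file, where the name is random *and* the open uses O_EXCL (mkstemp() does both), and a rendezvous file such as a Kerberos ticket cache, where the name has to be predictable and O_EXCL is the only remaining safeguard. This is an added example, not code from either poster; it assumes POSIX mkstemp()/open() with O_NOFOLLOW, honours TMPDIR and falls back to /tmp, and the file names are made up for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE        /* for mkstemp() and O_NOFOLLOW on glibc */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Honour TMPDIR as the thread expects, falling back to /tmp. */
static const char *tmp_dir(void) {
    const char *d = getenv("TMPDIR");
    return (d && *d) ? d : "/tmp";
}

/* Case 1: private scratch file, random name AND O_EXCL. mkstemp() gives
 * both (O_CREAT|O_EXCL, mode 0600). Returns an fd or -1; on success 'path'
 * holds the name that was actually chosen. */
int open_private_tmp(char *path, size_t len) {
    if (snprintf(path, len, "%s/scratch.XXXXXX", tmp_dir()) >= (int)len)
        return -1;
    return mkstemp(path);
}

/* Case 2: rendezvous file whose name must be predictable (the Kerberos
 * ticket-cache situation). O_EXCL|O_NOFOLLOW is then the only safeguard:
 * any pre-existing entry at that name, file or symlink, makes open() fail
 * with EEXIST instead of being silently reused. The caller must report that
 * failure (the DoS the thread accepts as the lesser evil), never fall back
 * to opening without O_EXCL. */
int open_rendezvous(const char *name, char *path, size_t len, int *err) {
    if (snprintf(path, len, "%s/%s", tmp_dir(), name) >= (int)len) {
        *err = ENAMETOOLONG;
        return -1;
    }
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    *err = (fd < 0) ? errno : 0;
    return fd;
}

int main(void) {
    char p[512], q[512];
    int err, fd = open_private_tmp(p, sizeof p);
    if (fd >= 0) { printf("private: %s\n", p); close(fd); unlink(p); }
    int r = open_rendezvous("krb-rendezvous-example", q, sizeof q, &err);
    printf("rendezvous %s: %s\n", q, r >= 0 ? "created" : strerror(err));
    if (r >= 0) { close(r); unlink(q); }
    return 0;
}
```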