[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: severity for bugs in ignoring TMP/TMPDIR?

On Mon, 2012-02-13 at 12:40 +0000, Ian Jackson wrote:
> Russ Allbery writes ("Re: severity for bugs in ignoring TMP/TMPDIR?"):
> > You could probably use strace to find problems by looking for an
> > open(O_CREAT) of a file in /tmp that doesn't look like it's
> > mkstemp-created (ending in six random characters) and doesn't use O_EXCL.
> > You'll get some false positives from files in safely-created directories.
> I once proposed a kernel patch which would detect all of these unsafe
> tmpfile problems (except if the attack was actually being carried out)
> and turn them into hard failures.
> The rule would be that if:
>   * A file is being opened in a sticky directory
>   * The file is going to be created by this operation
>   * O_EXCL was not specified
> then the syscall fails with EPERM.

A similar change has been implemented
<https://wiki.ubuntu.com/SecurityTeam/Roadmap/KernelHardening#Symlink_Protection> and will probably be included in wheezy.


Ben Hutchings
Beware of programmers who carry screwdrivers. - Leonard Brandwein

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: