Re: severity for bugs in ignoring TMP/TMPDIR?
Ben Hutchings <ben@decadent.org.uk> writes:
> The test should be for non-random names *or* missing O_EXCL. Use of an
> entirely predictable name with O_EXCL allows a DoS and use of a
> pseudo-random name without O_EXCL may still be exploitable for
> overwriting other files if the attacker can try repeatedly.
Sometimes there are no good options other than using O_EXCL with a
predictable name because the name is used as a rendezvous point. This is
the case in some (non-default) configurations for Kerberos tickets, for
example.
But yes, it's not ideal.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Reply to: