
Re: severity for bugs in ignoring TMP/TMPDIR?



On Mon, 2012-02-13 at 12:40 +0000, Ian Jackson wrote:
> Russ Allbery writes ("Re: severity for bugs in ignoring TMP/TMPDIR?"):
> > You could probably use strace to find problems by looking for an
> > open(O_CREAT) of a file in /tmp that doesn't look like it's
> > mkstemp-created (ending in six random characters) and doesn't use O_EXCL.
> > You'll get some false positives from files in safely-created directories.
> 
> I once proposed a kernel patch which would detect all of these unsafe
> tmpfile problems (except if the attack was actually being carried out)
> and turn them into hard failures.
> 
> The rule would be that if:
>   * A file is being opened in a sticky directory
>   * The file is going to be created by this operation
>   * O_EXCL was not specified
> then the syscall fails with EPERM.
[...]

A similar change has been implemented
<https://wiki.ubuntu.com/SecurityTeam/Roadmap/KernelHardening#Symlink_Protection> and will probably be included in wheezy.

Ben.

-- 
Ben Hutchings
Beware of programmers who carry screwdrivers. - Leonard Brandwein
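
The strace heuristic quoted above, as an added example that is not part of the original message: a Python filter that flags creating opens under /tmp that lack O_EXCL and do not look mkstemp-generated. The function names, the rule used to decide whether a name "looks random", and the sample lines are assumptions constructed for illustration.

```python
import re

# open()/openat() lines, with an optional PID prefix as printed by strace -f.
OPEN_RE = re.compile(
    r'^(?:\[pid\s+\d+\]\s+|\d+\s+)?(?:open\(|openat\([^,]+,\s*)'
    r'"(?P<path>[^"]*)",\s*(?P<flags>[A-Z_|0-9x]+)'
)

def looks_mkstemp(name):
    """Assumed heuristic: last six chars are ASCII alphanumerics mixing at
    least two of lower case, upper case and digits."""
    tail = name[-6:]
    if len(tail) < 6 or not (tail.isascii() and tail.isalnum()):
        return False
    kinds = (any(c.islower() for c in tail), any(c.isupper() for c in tail),
             any(c.isdigit() for c in tail))
    return sum(kinds) >= 2

def find_unsafe_creates(lines, tmpdir="/tmp"):
    """Return (path, note) for creating opens under tmpdir without O_EXCL."""
    prefix = tmpdir.rstrip("/") + "/"
    findings = []
    for line in lines:
        m = OPEN_RE.match(line.strip())
        if not m or not m.group("path").startswith(prefix):
            continue
        flags = set(m.group("flags").split("|"))
        if "O_CREAT" not in flags or "O_EXCL" in flags:
            continue
        rel = m.group("path")[len(prefix):]
        if looks_mkstemp(rel.rsplit("/", 1)[-1]):
            continue
        # A nested path may sit in a safely created directory (false positive).
        note = "direct child" if "/" not in rel else "nested: check parent directory"
        findings.append((m.group("path"), note))
    return findings

SAMPLE = [  # constructed strace output, not captured from a real program
    'openat(AT_FDCWD, "/tmp/app.lock", O_WRONLY|O_CREAT|O_TRUNC, 0644) = 3',
    'open("/tmp/tmpAb3XyZ", O_RDWR|O_CREAT|O_EXCL, 0600) = 4',
    '1234  openat(AT_FDCWD, "/tmp/sess.k9Qz2B", O_RDWR|O_CREAT, 0600) = 5',
    '[pid  1234] openat(AT_FDCWD, "/tmp/build.Hx82Lq/out.o", O_WRONLY|O_CREAT, 0666) = 6',
    'openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 7',
    'openat(AT_FDCWD, "/tmp/cache.db", O_RDONLY) = 8',
]

if __name__ == "__main__":
    for path, note in find_unsafe_creates(SAMPLE):
        print(f"{path}\t{note}")
```

Findings marked "nested" correspond to the false positives mentioned in the quoted text: the file may live in a directory that was itself created safely, so the parent directory needs checking before the open is treated as a bug.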
