
Re: Policy Weekly Issue #4/6: Secure maintainer scripts



Christian Schwarz wrote:
> The following policy change has been proposed. It will become official
> unless someone objects now:
> 
>      Any scripts which create files in world-writable directories (i.e.
>      in /tmp) have to use a mechanism which will fail if a file with
>      the same name already exists.

I don't think this is good enough. The point isn't really to do this, it's
to create files in /tmp in a secure manner. I can see someone who isn't
familiar with the security issues reading the above and using something like
this:

TMPFILE=/tmp/myfile.$$
if [ -e "$TMPFILE" ]; then
	exit 1
fi
echo foo >$TMPFILE

And that's just not safe ($TMPFILE could be created in between the -e check
and when the script writes to it).

>      The Debian base distribution provides the `tempfile' utility for
>      use by scripts for this purpose.

-- 
see shy jo
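The race described in the message above, next to two creation methods that fail if the name already exists, as an added example that is not part of the original message. The function names are hypothetical, and it uses the shell's noclobber option and mktemp(1) rather than the `tempfile' utility named in the proposal.

```shell
#!/bin/sh
# Added example; function names are assumptions, not from the thread.

# The pattern from the message, with the race window made explicit.
# "$2", if given, stands in for another process that creates the path
# after the -e check has already passed.
check_then_write() {
    if [ -e "$1" ]; then
        return 1
    fi
    # --- race window: the path can appear here ---
    if [ -n "$2" ]; then echo "$2" >"$1"; fi
    echo foo >"$1"    # truncates and overwrites whatever is there now
}

# Atomic alternative: with noclobber (set -C) the shell opens a missing
# target with O_CREAT|O_EXCL, so check and create are one system call.
# Runs in a subshell so noclobber does not leak into the caller.
create_exclusive() {
    ( set -C; echo foo >"$1" ) 2>/dev/null
}

# Let mktemp pick an unpredictable name and create it exclusively with
# mode 0600; the chosen name is printed on stdout.
private_tmpfile() {
    mktemp "${TMPDIR:-/tmp}/$1.XXXXXX"
}

# Constructed demonstration inside a private sandbox directory.
demo() {
    dir=$(mktemp -d) || return 1
    rc=0; check_then_write "$dir/a" "other process data" || rc=$?
    echo "check_then_write: rc=$rc content=$(cat "$dir/a")"
    echo "other process data" >"$dir/b"
    rc=0; create_exclusive "$dir/b" || rc=$?
    echo "create_exclusive: rc=$rc content=$(cat "$dir/b")"
    rm -rf "$dir"
}

demo
```

The first line of output shows the check passing and the other process's data being overwritten; the second shows the exclusive create failing and leaving the existing file intact.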