Re: Policy Weekly Issue #4/6: Secure maintainer scripts
- To: Christian Schwarz <schwarz@monet.m.isar.de>
- Cc: Debian Policy <debian-policy@lists.debian.org>
- Subject: Re: Policy Weekly Issue #4/6: Secure maintainer scripts
- From: Joey Hess <joey@kite.ml.org>
- Date: Thu, 23 Oct 1997 18:13:01 -0400
- Message-id: <19971023181301.14530@kite>
- In-reply-to: <Pine.LNX.3.96.971023225706.17246N-100000@monet>; from Christian Schwarz on Thu, Oct 23, 1997 at 10:57:28PM +0200
- References: <Pine.LNX.3.96.971023225706.17246N-100000@monet>
Christian Schwarz wrote:
> The following policy change has been proposed. It will become official
> unless someone objects now:
>
> Any scripts which create files in world-writable directories (i.e.
> in /tmp) have to use a mechanism which will fail if a file with
> the same name already exists.
I don't think this is good enough. The point isn't really to do this, it's
to create files in /tmp in a secure manner. I can see someone who isn't
familiar with the security issues reading the above and using something like
this:
    TMPFILE=/tmp/myfile.$$
    if [ -e "$TMPFILE" ]; then
        exit 1
    fi
    echo foo >$TMPFILE
And that's just not safe ($TMPFILE could be created in between the -e check
and when the script writes to it).
> The Debian base distribution provides the `tempfile' utility for
> use by scripts for this purpose.
--
see shy jo
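
Added example, not part of the original message: a shell sketch of "fail if the name already exists" done as one atomic step, in contrast to the `-e` test followed by a write that the reply warns about. The function names are hypothetical, and it assumes mktemp(1) is installed, using it in place of the `tempfile` utility named in the proposal.

```shell
#!/bin/sh
# Added example (not from the original thread): create-or-fail as a single
# atomic step, instead of testing with -e and then writing.

# create_exclusive PATH
# Creates PATH only if nothing exists there. Under noclobber (set -C) the
# shell opens the target with O_CREAT|O_EXCL, so the kernel performs the
# existence check and the creation together. Runs in a subshell so the
# caller's options and umask are untouched. Returns non-zero if PATH exists.
create_exclusive() {
    ( set -C; umask 077; : > "$1" ) 2>/dev/null
}

# safe_tempfile [PREFIX]
# Assumes mktemp(1) is installed. mktemp picks an unpredictable name and
# creates the file exclusively with mode 0600, then prints its path.
safe_tempfile() {
    mktemp "${TMPDIR:-/tmp}/${1:-maint}.XXXXXX"
}

# write_via_tempfile TEXT
# Hypothetical maintainer-script step: write TEXT to a fresh temp file,
# read it back, and remove the file whether or not the write succeeded.
write_via_tempfile() {
    tmp=$(safe_tempfile) || return 1
    printf '%s\n' "$1" > "$tmp" && cat "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

A script that must use a fixed name can call `create_exclusive` and abort on a non-zero status; otherwise `safe_tempfile` avoids predictable names altogether.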