Re: insecure temporary file creation

To: debian-security@lists.debian.org
Subject: Re: insecure temporary file creation
From: Tollef Fog Heen <tollef@add.no>
Date: 07 Feb 2001 13:45:24 +0100
Message-id: <8766imwtjv.fsf@manon.intern.opera.no>
In-reply-to: <20010207094549.A26271@netcraft.com>
References: <MPBBILLJAONHMANIJOPDAEGEFKAA.david2@maincube.net> <00a201c0908d$af595670$0a16a8c0@matthew> <20010207094549.A26271@netcraft.com>

* Colin Phipps 

| It's a crude hack but works well. I have a version for 2.4.x which I didn't
| get around to uploading yet. There may be a better patch around, it's awhile
| since I looked; I'd be interested to know if anyone finds a better way of 
| detection.

libc hooks.  I don't like playing around in the kernel, but by using
libc hooks and ld.so.preload, you can trace all this in userspace
without risking too much.  The downside is that it doesn't work with
statically linked binaries.

Also, adding the pam-tmpdir-module might be a start as well.

-- 

Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.

Reply to:

References:
- Bind log
  - From: "David Priban" <david2@maincube.net>
- insecure temporary file creation
  - From: "Matthew Sherborne" <Matthews@softtech.co.nz>
- Re: insecure temporary file creation
  - From: Colin Phipps <cph@netcraft.com>

Prev by Date: Re: insecure temporary file creation
Next by Date: Re: security.debian.org in woody
Previous by thread: Re: insecure temporary file creation
Next by thread: Re: ISPs offering ssl-encrypted e-mail?
Index(es):
- Date
- Thread