
"... creates temporary files in an insecure manner." Tutorial?



I'm looking at:

   Subject: [SECURITY] [DSA 1216-1] New flexbackup packages fix denial of service

and I see, yet again:

   Eric Romang discovered that the flexbackup backup tool creates
   temporary files in an insecure manner, which allows denial of
   service through a symlink attack.

Thanks Eric, and no I'm not dissing flexbackup.  I'm also not an
expert.

I'm wondering whether there might be some "secure temporary file
checklist" which should be part of the
indoctrination<ESC><BackSpace>initiation phase for DDs?

Is something like:

   OUT_FILE=`/bin/mktemp -t chkrootkit.XXXXXXXXXX`

useful information?  Again, I'm no expert.  I'm trying to learn.


-- 
Any technology distinguishable from magic is insufficiently advanced.
(*)    http://www.spots.ab.ca/~keeling          Linux Counter #80292
- -    http://www.faqs.org/rfcs/rfc1855.html    Please, don't Cc: me.
       Spammers! http://www.spots.ab.ca/~keeling/emails.html
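Added example, not part of the original message: a predictable temp-file name next to the `mktemp` pattern quoted above, run against a symlink placed in a private sandbox directory to show the difference. The function names, the `report.` prefix and the sandbox paths are hypothetical, and all data is constructed.

```shell
#!/bin/sh
# Added example. Function names and sandbox paths are hypothetical.

# BEFORE: predictable name built from the PID. The ">" redirection follows a
# symlink already sitting at that path, so the write lands on the link target.
write_report_unsafe() {
    echo "scan results" > "$1/report.$$"
}

# AFTER: mktemp chooses an unpredictable name and creates the file exclusively
# with mode 0600; it fails rather than reuse an existing path or symlink.
# Prints the path of the file it created.
write_report_safe() {
    out=$(mktemp "$1/report.XXXXXXXXXX") || return 1
    echo "scan results" > "$out"
    printf '%s\n' "$out"
}

# Run both variants in a private sandbox (constructed data, nothing outside
# the sandbox is touched) and record what happened to a bystander file.
demo_symlink_clobber() {
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/tmp"
    bystander="$sandbox/bystander.txt"

    echo "important" > "$bystander"
    ln -s "$bystander" "$sandbox/tmp/report.$$"   # link placed before the write
    write_report_unsafe "$sandbox/tmp"
    UNSAFE_BYSTANDER=$(cat "$bystander")          # overwritten through the link

    echo "important" > "$bystander"
    safe_path=$(write_report_safe "$sandbox/tmp") || return 1
    SAFE_BYSTANDER=$(cat "$bystander")            # untouched
    SAFE_MODE=$(ls -ld "$safe_path" | cut -c1-10) # owner-only permissions

    rm -rf "$sandbox"
}

demo_symlink_clobber &&
    printf 'unsafe: bystander=%s\nsafe:   bystander=%s mode=%s\n' \
        "$UNSAFE_BYSTANDER" "$SAFE_BYSTANDER" "$SAFE_MODE"
```

In a real script the path returned by `mktemp` would also be removed on exit, for example with `trap 'rm -f "$OUT_FILE"' EXIT`.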


