Re: [Fwd: Etch's and Lenny's mktemp seriously broken]

To: debian-user@lists.debian.org
Subject: Re: [Fwd: Etch's and Lenny's mktemp seriously broken]
From: Sven Joachim <svenjoac@gmx.de>
Date: Fri, 15 Aug 2008 22:56:06 +0200
Message-id: <[🔎] 87fxp6t2u1.fsf@gmx.de>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20080815191611.GL22891@think.homelan> (Andrei Popescu's message of "Fri, 15 Aug 2008 22:16:11 +0300")
References: <[🔎] 48A5437C.7080908@drwetter.org> <[🔎] 87vdy2pouw.fsf@gmx.de> <[🔎] 87abfev0fa.fsf@gmx.de> <[🔎] 20080815191611.GL22891@think.homelan>

On 2008-08-15 21:16 +0200, Andrei Popescu wrote:

> On Fri,15.Aug.08, 16:05:13, Sven Joachim wrote:
>> However, Nico Golde informed me that mktemp has a `-u' switch which will
>> unlink the file before mktemp exits.  If you use that, the easy-to-guess
>> filename becomes a severe problem.
>  
> I must be dense, could you please elaborate on how this can be a 
> problem?

It opens precisely the can of worms that mktemp was supposed to close,
see the mktemp(1) and mktemp(3) manpages.  Look for "symlink attack" in
your preferred Web search engine.

Sven

Reply to:

Follow-Ups:
- Re: [Fwd: Etch's and Lenny's mktemp seriously broken]
  - From: Tzafrir Cohen <tzafrir@cohens.org.il>

References:
- [Fwd: Etch's and Lenny's mktemp seriously broken]
  - From: Dirk Wetter <spam@drwetter.org>
- Re: [Fwd: Etch's and Lenny's mktemp seriously broken]
  - From: Sven Joachim <svenjoac@gmx.de>
- Re: [Fwd: Etch's and Lenny's mktemp seriously broken]
  - From: Sven Joachim <svenjoac@gmx.de>
- Re: [Fwd: Etch's and Lenny's mktemp seriously broken]
  - From: Andrei Popescu <andreimpopescu@gmail.com>

Prev by Date: Re: Upgrading Hard Drives
Next by Date: Re: Upgrading Hard Drives
Previous by thread: Re: [Fwd: Etch's and Lenny's mktemp seriously broken]
Next by thread: Re: [Fwd: Etch's and Lenny's mktemp seriously broken]
Index(es):
- Date
- Thread