
Re: [Fwd: Etch's and Lenny's mktemp seriously broken]



On Fri, Aug 15, 2008 at 10:56:06PM +0200, Sven Joachim wrote:
> On 2008-08-15 21:16 +0200, Andrei Popescu wrote:
> 
> > On Fri,15.Aug.08, 16:05:13, Sven Joachim wrote:
> >> However, Nico Golde informed me that mktemp has a `-u' switch which will
> >> unlink the file before mktemp exits.  If you use that, the easy-to-guess
> >> filename becomes a severe problem.
> >  
> > I must be dense, could you please elaborate on how this can be a 
> > problem?
> 
> It opens precisely the can of worms that mktemp was supposed to close,
> see the mktemp(1) and mktemp(3) manpages.  Look for "symlink attack" in
> your preferred Web search engine.

And what BadThings happen due to that unlink?

-- 
Tzafrir Cohen         | tzafrir@jabber.org | VIM is
http://tzafrir.org.il |                    | a Mutt's
tzafrir@cohens.org.il |                    |  best
ICQ# 16849754         |                    | friend
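
The difference the quoted exchange turns on, as an added example that is not part of the original message or of mktemp itself: a name obtained with `mktemp -u` has no file behind it, so a later redirect writes through whatever exists at that path by then, while plain `mktemp` creates the file itself. The function names, the `job.XXXXXX` template and `other-file` are assumptions, and everything runs inside a private scratch directory.

```shell
#!/bin/sh
# Constructed demo; all paths live in a scratch directory made by mktemp -d.

# Pattern at issue: `mktemp -u` leaves only a name, and the file is created
# later by the redirect, which follows whatever sits at that path by then.
unsafe_tmp() {
    dir=$1
    name=$(mktemp -u "$dir/job.XXXXXX") || return 1
    # Stand-in for the window between name generation and use: a symlink
    # to an unrelated file now exists at the generated name.
    ln -s "$dir/other-file" "$name"
    echo "scratch data" > "$name"      # lands in other-file, not a new file
    echo "$name"
}

# Safe form: plain mktemp creates the file itself (exclusive create, mode
# 0600), so the printed name already belongs to the caller.
safe_tmp() {
    dir=$1
    name=$(mktemp "$dir/job.XXXXXX") || return 1
    echo "scratch data" > "$name"
    echo "$name"
}

demo() {
    work=$(mktemp -d) || return 1
    : > "$work/other-file"             # empty file standing in for user data
    u=$(unsafe_tmp "$work")
    s=$(safe_tmp "$work")
    if [ -L "$u" ] && [ -s "$work/other-file" ]; then
        echo "unsafe: other-file was overwritten through the symlink"
    fi
    if [ -f "$s" ] && [ ! -L "$s" ]; then
        echo "safe: regular file $(ls -ld "$s" | cut -c1-10)"
    fi
    rm -rf "$work"
}

demo
```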
