Bug#661627: Avoid /tmp ?
* Bernhard R. Link <brlink@debian.org> [120302 15:56]:
> And I think if there is something else, it might make sense to
> try to move it away again and try to create it again.
How about the following:
# create a directory in /tmp.
# assumes /tmp has a sticky bit set (or is only writeable by root)
create_dir() {
error=0
while true ; do
if [ $error -ne 0 ] ; then
# an error means the file-system is readonly or an attacker
# is doing evil things, distinguish by creating a temporary file.
fn="$(mktemp /tmp/testwriteable.XXXXXXXXXX)" || return 1
rm "$fn"
fi
mkdir -p -m 01777 "/tmp/$1" || { rm "/tmp/$1" || error=1 ; continue ; }
case "$(LC_ALL=C stat -c '%u %g %a %F' "/tmp/$1")" in
"0 0 1777 directory")
# everything as it is supposed to be
break
;;
"0 0 "*" directory")
# as it is owned by root, cannot be replaced with a symlink:
chmod 01777 "/tmp/$1"
break
;;
*" directory")
# if the chown succeeds, the next step can change it savely
chown -h root:root "/tmp/$1" || error=1
continue
;;
*)
# if it is not a directory, rm should be able to remove it
# unless it vanished again or was replaced with a directory
rm "/tmp/$1" || error=1
continue
;;
esac
done
}
Reply to: