Bugtraq mailing list archives
Re: Publically writable directories
From: jim () california sandia gov (Jim Hutchins)
Date: Tue, 18 Jun 1996 10:46:06 -0700
Is there a safe way of opening a temporary file in a publically writable directory as a normal user, given a system with symbolic links? I'm even willing to assume a sticky bit on the directory. Main problem: How do I disallow a malicious

$ ln -s /tmp/some.file $MYHOME/.somedotfile

at the wrong times, without getting into race conditions?
After thinking about this and watching some of the replies, I believe the absolute answer is no, you cannot avoid a race condition on all platforms. open(2) will follow a symbolic link on the platforms I tried, with or without O_EXCL. Depending on what you are trying to do, a couple of possible solutions are:

1) Open the file with O_EXCL, then do an fstat, stat, and lstat and see if they all point to the same file (what to do if they don't is a different question). You would also want to check the link count and make sure it is one. Problems with this approach have already been discussed in the mailing list.

2) Open a file with a random name then rename it to the filename you want. On the systems I just tried, rename does not follow symbolic links. Some potential problems here are random names are harder to guess, though not impossible (depends on how you generate them :) ), and rename may follow a symbolic link on some OS versions. Another problem is in a world-writeable directory, the file is visible before being renamed, so if no sticky bit is available, this is also open to a race condition.

3) Create a suid utility to do it for you. It should be possible to do this securely using a pre-existing sub-directory.

Jim Hutchins
Sandia National Labs, California

----------------------------------------------------------------
James A. Hutchins              Phone: 1-510-294-2416
Sandia National Laboratories   FAX:   1-510-294-1225
P.O. Box 969, MS9011           EMail: jim () ca sandia gov
Livermore, CA 94551-0969
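
Option 1 from the message above, sketched in C as an added example (not code from the original post). `open_checked` and `same_file` are hypothetical names, and the scratch directory used in `main` is constructed for the demonstration.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700       /* expose lstat() and mkdtemp() */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

static int same_file(const struct stat *a, const struct stat *b)
{
    return a->st_dev == b->st_dev && a->st_ino == b->st_ino;
}

/* Create `path` exclusively, then confirm that the descriptor, stat() and
 * lstat() all describe one regular file with a single link. Returns an
 * open descriptor, or -1 if creation or any check fails. Nothing is
 * unlinked on failure: what to do then is left to the caller. */
int open_checked(const char *path)
{
    struct stat by_fd, by_name, by_link;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;                      /* name exists, or other error */
    if (fstat(fd, &by_fd) == 0 && stat(path, &by_name) == 0 &&
        lstat(path, &by_link) == 0 &&
        S_ISREG(by_link.st_mode) &&     /* lstat() reports a link itself */
        same_file(&by_fd, &by_name) && same_file(&by_fd, &by_link) &&
        by_fd.st_nlink == 1)
        return fd;
    close(fd);
    return -1;
}

int main(void)
{
    char dir[] = "/tmp/open_checked.XXXXXX";   /* constructed scratch dir */
    char path[64];
    if (mkdtemp(dir) == NULL)
        return 1;
    snprintf(path, sizeof path, "%s/work.tmp", dir);
    int fd = open_checked(path);
    printf("first create: %s\n", fd >= 0 ? "ok" : "refused");
    printf("second create: %s\n", open_checked(path) >= 0 ? "ok" : "refused");
    close(fd);
    unlink(path);
    rmdir(dir);
    return 0;
}
```

The checks run after the open, so they detect a substituted name rather than prevent it, which is the limitation the message describes.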