Bugtraq mailing list archives
Re: request-route
From: hzoli () FRONTIERNET NET (Zoltan Hidvegi)
Date: Fri, 1 Aug 1997 01:12:23 -0400
John Macdonald wrote:
The point remains that "ln" is no worse than "mkdir" - either they both can be used directly or else "ln" can be made to work in the face of false NAKs while "mkdir" cannot be so made. There is no reason to prefer using "mkdir". If you are going to have to deal many NFS implementations, some of which might be old or buggy, then there is a reason to prefer "ln".
The reason that you might still want to use mkdir, where this whole thread originally started, is that from a Bourne shell script, there is no safe way to write to a file in a world-writable directory. Even if you create the lock file with ln, you will have to create the temporary lock file which you link and if your shell does not have some strong random number generator, it is easy for an attacker to guess the temporary lock name. Therefore, the safest way to create a lock from a shell is to create a directory (not forgetting umask 077 before that), create the temporary lock file in the new directory, link that temporary lock to the real lock and remove the temporary file and directory. That way you get all the benifits ln and your shell script will be safe. Zoltan
Current thread:
- Re: request-route Zoltan Hidvegi (Jul 31)
- Re: request-route Theo de Raadt (Aug 01)
- <Possible follow-ups>
- Re: request-route Casper Dik (Aug 01)