Bugtraq mailing list archives

Re: Safe /tmp cleanup


From: ewt () redhat com (Erik Troan)
Date: Thu, 13 Nov 1997 22:06:11 -0500


On Thu, 13 Nov 1997 dsiebert () ICAEN UIOWA EDU wrote:

> It "checks for directoriness", and if it is a directory it chdir's into it.
> This does not do anything at all to prevent someone changing the name which
> used to be a directory into a link to somewhere else in the meantime.  You
> have to assume an attacker can make your Perl script run arbitrarily slow
> (not like this is hard with Perl in the first place) and therefore can do
> bad things in between the lstat and the chdir.  The modification to the
> GNU find I wrote (hopefully) catches any such possible attack.  I have not
> looked at the RedHat thing Steven mentions, so I can't comment on how well
> it does in this regard.

The "Red Hat thing" (I like the phrase, so I thought I'd quote it) does
indeed check to make sure it chdir()ed into the place it expected to via
st_dev and st_ino information.

While you can certainly do something just like this with perl, I wrote
the tmpwatch Red Hat uses in C because we don't like putting basic
system components in perl (or python, or tcl...). I don't feel like
arguing about perl, it's just a decision to keep a minimal Red Hat system
as small as possible.

tmpwatch is GPLed, in case anyone else cares to look at it.

Erik

-------------------------------------------------------------------------------
|       "For the next two hours, VH1 will be filled with foul-mouthed,        |
|          crossdressing Australians. Viewer discretion is advised."          |
|                                                                             |
|       Erik Troan   =   ewt () redhat com     =    ewt () sunsite unc edu          |
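
The check described in the message above (confirm via st_dev and st_ino that chdir() landed where lstat() looked), as an added example; it is not tmpwatch source and not part of the original post. The `race_hook` pointer and the `victim`/`elsewhere` directory names are constructed here to simulate the window between the lstat and the chdir inside a scratch directory.

```c
/* Added example: constructed demo of the st_dev/st_ino check, not tmpwatch source. */
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical test hook: runs in the window between lstat() and chdir(). */
static void (*race_hook)(void);

/* 0: now inside the directory lstat() saw; -1: refused, cwd restored. */
int checked_chdir(const char *name)
{
    struct stat before, after;
    int ret = -1;
    int home = open(".", O_RDONLY);          /* way back if the check fails */
    if (home < 0) return -1;
    if (lstat(name, &before) == 0 && S_ISDIR(before.st_mode)) {
        if (race_hook) race_hook();          /* simulated slow cleaner */
        if (chdir(name) == 0) {
            if (stat(".", &after) == 0 &&
                after.st_dev == before.st_dev && after.st_ino == before.st_ino)
                ret = 0;                     /* same directory: safe to proceed */
            else if (fchdir(home) != 0)      /* swapped underneath us: back out */
                abort();                     /* never continue from an unknown cwd */
        }
    }
    close(home);
    return ret;
}

/* Constructed race: replace "victim" with a symlink to "elsewhere". */
static void swap_victim(void)
{
    if (rename("victim", "victim.orig") != 0 || symlink("elsewhere", "victim") != 0)
        abort();
}

/* Builds a scratch tree and returns checked_chdir()'s verdict on "victim". */
int demo(int with_swap)
{
    char tmpl[] = "/tmp/chdircheck.XXXXXX";
    if (!mkdtemp(tmpl) || chdir(tmpl) != 0) return -2;
    if (mkdir("victim", 0700) != 0 || mkdir("elsewhere", 0700) != 0) return -2;
    race_hook = with_swap ? swap_victim : NULL;
    return checked_chdir("victim");
}

int main(void) { return demo(0) != 0 || demo(1) != -1; }
```

On a mismatch the function returns to the starting directory through a descriptor opened beforehand, so the caller never deletes relative to a directory it did not verify.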


