Bugtraq mailing list archives
Re: Safe /tmp cleanup
From: ewt () redhat com (Erik Troan)
Date: Thu, 13 Nov 1997 22:06:11 -0500
On Thu, 13 Nov 1997 dsiebert () ICAEN UIOWA EDU wrote:
It "checks for directoriness", and if it is a directory it chdir's into it. This does not do anything at all to prevent someone changing the name which used to be a directory into a link to somewhere else in the meantime. You have to assume an attacker can make your Perl script run arbitrarily slow (not like this is hard with Perl in the first place) and therefore can do bad things in between the lstat and the chdir. The modification to the GNU find I wrote (hopefully) catches any such possible attack. I have not looked at the RedHat thing Steven mentions, so I can't comment on how well it does in this regard.
The "Red Hat thing" (I like the phrase, so I thought I'd quote it) does indeed check to make sure it chdir()ed into the place it expected to via st_dev and st_ino information. While you can certainly do something just like this with perl, I wrote the tmpwatch Red Hat uses in C because we don't like putting basic system components in perl (or python, or tcl...). I don't feel like arguing about perl, it's just a decision to keep a minimal Red Hat system as small as possible. tmpwatch is GPLed, in case anyone else cares to look at it. Erik ------------------------------------------------------------------------------- | "For the next two hours, VH1 will be filled with foul-mouthed, | | crossdressing Australians. Viewer discretion is advised." | | | | Erik Troan = ewt () redhat com = ewt () sunsite unc edu |
Current thread:
- Re: Safe /tmp cleanup, (continued)
- Re: Safe /tmp cleanup dsiebert () ICAEN UIOWA EDU (Nov 13)
- another buffer overrun in sperl5.003 Pavel Kankovsky (Nov 13)
- Re: Safe /tmp cleanup Valdis Kletnieks (Nov 13)
- IE4.0 patch Richard Trott (Nov 13)
- X Security problem (?) Carlo Wood (Nov 13)
- Re: X Security problem (?) Matthias Buelow (Nov 14)
- Re: X Security problem (?) Scott Moseman (Nov 14)
- digital unix 4.0 hole John McDonald (Nov 14)
- What to do when you forget your cisco LD password... Dustin Sallings (Nov 13)
- Re: What to do when you forget your cisco LD password... John Bashinski (Nov 14)
- Re: Safe /tmp cleanup Erik Troan (Nov 13)
- Linux IP fragment overlap bug G P R (Nov 13)
- Re: Linux IP fragment overlap bug Alan Cox (Nov 14)
- Re: Linux IP fragment overlap bug Vadim Kolontsov (Nov 14)
- Re: Linux IP fragment overlap bug David LeBlanc (Nov 14)
- Re: Linux IP fragment overlap bug Morbid Dead Guy (Nov 16)
- Windows 95 IP Fragmentation Bug Fix? Aleph One (Nov 17)
- The Linux patch. G P R (Nov 14)
- The overlapping fragment bug Alan Cox (Nov 14)
- Re: The overlapping fragment bug Philippe Strauss (Nov 14)
- Re: The overlapping fragment bug G P R (Nov 15)