Bugtraq mailing list archives
Re: OSS nice tmp race
From: mudge () L0PHT COM (Dr. Mudge)
Date: Sat, 19 Dec 1998 01:33:55 -0500
Another option, if one must remain in the /tmp directory, is to use mkdir and
check the return value since mkdir is atomic, then place your droppings in
there (don't forget your umask before-hand :)).

.mudge

On Fri, 18 Dec 1998, Pavel Kankovsky wrote:

> On Thu, 17 Dec 1998, Stefan Laudat wrote:
>
> > I think the correct code is :
> > ## insert before line 26
> > if [ -L /tmp/oss.tmp ]
> > then
>
> <emotions>
> Scream! There is no f... reason why you should do this way.
> </emotions>
>
> But there are good reasons why you should NOT. For instance, /tmp/oss.tmp
> can be a HARDLINK to some important file. One can make a directory of this
> name (denial of service).
>
> Correct solution:
>
> variant 1:
>     TMPFILE=/var/run/oss.tmp
>     $MODTOOLS/insmod -V > $TMPFILE
>     ...
>
> variant 2: (if you can't live without a file in /tmp)
>     TMPFILE=`mktemp /tmp/oss.XXXXXX`
>     [ -n "$TMPFILE" ] || exit 1 # cannot create a temp file
>     $MODTOOLS/insmod -V > $TMPFILE
>     ...
>
> (OpenBSD's mktemp is included in all recent versions of RedHat and Debian)
>
> --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
> "NSA GCHQ KGB CIA nuclear conspiration war weapon spy agent... Hi Echelon!"
>
> P.S. A real perfectionist would add some code to prevent a collision of two
> concurrent invocations of soundon.
>
> P.S.2 When was that bug reported? soundon in a recent OSS installation I
> have seen last week puts the file into the directory it was installed in.
> Putting temporary files into /usr is lame but it is certainly better than
> /tmp/oss.tmp.
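
The mkdir approach from the reply above, as an added example that is not part of the original messages or of the OSS soundon script. The function name `make_scratch_dir` and the PID-plus-counter naming scheme are hypothetical; each invocation gets its own directory, which also covers the concurrent-invocation case raised in the P.S.

```shell
#!/bin/sh
# Added example: private scratch directory under /tmp created with mkdir.
# make_scratch_dir and its naming scheme are hypothetical, not from soundon.

# make_scratch_dir PREFIX
# Prints the path of a newly created mode-0700 directory and returns 0,
# or returns 1 if no candidate name could be created.
make_scratch_dir() {
    prefix=$1
    tries=0
    while [ "$tries" -lt 10 ]; do
        dir="${TMPDIR:-/tmp}/$prefix.$$.$tries"
        # mkdir(2) fails with EEXIST if the name already exists as a file,
        # directory, hard link or symlink (even a dangling one), so success
        # means this process created the directory. The umask is set in a
        # subshell so the directory is 0700 from the moment it exists.
        if (umask 077 && mkdir "$dir") 2>/dev/null; then
            printf '%s\n' "$dir"
            return 0
        fi
        # Name taken (possibly planted by another user): try the next one
        # instead of reusing or deleting what is there.
        tries=$((tries + 1))
    done
    return 1
}

# Usage in a script such as the one discussed (MODTOOLS as in the thread):
#   scratch=$(make_scratch_dir oss) || exit 1
#   trap 'rm -rf "$scratch"' EXIT
#   "$MODTOOLS/insmod" -V > "$scratch/oss.tmp"
```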