Bugtraq mailing list archives
Linux libc5 'bug' in mkstemp().
From: galexand () sietch bloomington in us (Greg Alexander)
Date: Mon, 9 Mar 1998 22:07:04 -0500
Pardon me if this is already known -- Theo, at least, had never heard of a Unix doing this. mkstemp() under Linux claims to conform to BSD4.3, but BSDs (FreeBSD and OpenBSD, at least) seem to have a slightly different behavior. Under Linux, new files are created with mode 0666, while under BSDs new files are created with mode 0600. A user need only set his umask to 0 and he will be able to write to temp files created with mkstemp() by suid root programs, unless the suid root programs set their own umask.

This is probably not a major problem for any apps, but it's something everyone should note when porting security-sensitive apps to Linux from BSDs (and possibly other platforms).

A quick check shows that mkstemp() is implemented in glibc2.0.7-pre1 using 0666 as well, but that was just from a perfunctory glance at the code -- something may be going on that I didn't notice.

Greg Alexander - also <gralexan () indiana edu> - http://sietch.home.ml.org/
----
Any sufficiently advanced bug is indistinguishable from a feature.
-- Rich Kulawiec
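An added example, not part of the post above: a small C probe that reports which permission bits mkstemp() actually leaves on a new file under a given umask, and applies the portable mitigation (fchmod() on the already-open descriptor) that does not depend on which libc created the file. The function names and the temp-file template are my own; it assumes a writable /tmp (or $TMPDIR).

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>

/* Create a temp file with mkstemp() while the process umask is `mask`,
 * optionally apply the portable fix (fchmod to 0600 on the open descriptor),
 * and return the permission bits the kernel actually recorded (0..0777),
 * or -1 on error.  The file is unlinked before returning. */
int probe_mkstemp_mode(mode_t mask, int harden)
{
    const char *dir = getenv("TMPDIR");          /* assumed writable */
    char path[256];
    struct stat st;
    snprintf(path, sizeof path, "%s/mkstemp-probe-XXXXXX", dir ? dir : "/tmp");
    mode_t saved = umask(mask);
    int fd = mkstemp(path);                      /* mkstemp() rewrites the X's */
    umask(saved);                                /* restore caller's umask */
    if (fd < 0)
        return -1;
    /* Hardening independent of libc behaviour: the descriptor is already
     * open, so fchmod() on it cannot race against the pathname. */
    if (harden && fchmod(fd, S_IRUSR | S_IWUSR) != 0) {
        unlink(path); close(fd); return -1;
    }
    int rc = fstat(fd, &st);
    unlink(path);
    close(fd);
    return rc == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* 1 if this libc's mkstemp() hands out group/other-writable files when the
 * umask is 0 (the libc5 behaviour described above), 0 if not, -1 on error. */
int mkstemp_leaks_write_bits(void)
{
    int mode = probe_mkstemp_mode(0, 0);
    if (mode < 0)
        return -1;
    return (mode & (S_IWGRP | S_IWOTH)) ? 1 : 0;
}

int main(void)
{
    printf("mkstemp() under umask 0           : %04o\n", probe_mkstemp_mode(0, 0));
    printf("mkstemp() under umask 077         : %04o\n", probe_mkstemp_mode(077, 0));
    printf("mkstemp() + fchmod(fd, 0600)      : %04o\n", probe_mkstemp_mode(0, 1));
    printf("group/other-writable under umask 0: %s\n",
           mkstemp_leaks_write_bits() == 1 ? "yes (affected)" : "no");
    return 0;
}
```

A setuid program that cannot rely on the caller's umask should do what the hardened path does: never trust the mode mkstemp() chose, and fchmod() the descriptor before writing anything sensitive.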