Bugtraq mailing list archives
/tmp race in mc-4.5.0
From: pavel () BUG UCW CZ (Pavel Machek)
Date: Tue, 13 Oct 1998 00:41:04 +0200
Hi!
mc 4.5.0 creates a temporary file in /tmp when it's started. It's called talk.fish and has the mode 644. If a user would link the file to /etc/passwd or anything else, when the root would start mc, the file would be erased.
It was me who added talk.fish file (and it kind of escaped me, sorry), it is debugging hack and it is currently disabled in my tree (and CVS). Workaround is: create /tmp/talk.fish yourself, so that noone can put symlink there solution is: do not run beta software as root, 4.0.X is stable, 4.5.0 is not. Pavel PS: There are more /tmp/ holes in midnight commander, beware. Extfs scripts contain some. I'm going to mark them FIXME: TMP RACE in development tree. What is worse, they are probably going to stay there until someone invents safe & portable way of how to work with temporary files from shell. (Actually, is this safe? It might be safe & portable, unfortunately, it is also slow & ugly) TMPDIR=/tmp/mctmpdir.$$ mkdir $TMPDIR || exit 0 cd $TMPDIR do_something > $TMPDIR/file rm $TMPDIR/file rmdir $TMPDIR ? PPS: It might be nice to contact authors of affected program few days before you post to bugtraq... -- I'm really pavel () atrey karlin mff cuni cz. Pavel Look at http://atrey.karlin.mff.cuni.cz/~pavel/ ;-).
Current thread:
- Last (hopefully) update on GroupWise Simple Nomad (Oct 10)
- <Possible follow-ups>
- Last (hopefully) update on GroupWise Adrian Voinea (Feb 06)
- /tmp race in mc-4.5.0 Pavel Machek (Oct 12)
- Re: /tmp race in mc-4.5.0 Bennett Todd (Oct 14)
- Re: /tmp race in mc-4.5.0 Marc Heuse (Oct 14)
- [NTSEC] DoS attack in MS - Proxy 2.0 Jason Garms (Oct 15)
- IRIX xterm(1) exploitable buffer overflow SGI Security Coordinator (Oct 15)
- IRIX Xaw library exploitable buffer overflow SGI Security Coordinator (Oct 15)
- Microsoft Security Bulletin (MS98-015) Aleph One (Oct 16)
- HP-UX 10.20 SharedX Receiver Service DoS Security Research Team (Oct 16)
- Breaking Finger in AIX 4.2 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa (Oct 20)
- Re: Breaking Finger in AIX 4.2 Troy A. Bollinger (Oct 20)
- Alert: IE 4.0 Security Zone compromise Aleph One (Oct 20)
- /tmp race in mc-4.5.0 Pavel Machek (Oct 12)