Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Publically writable directories

From: athan () mersinet co uk (Neil Soveran-Charley)
Date: Sun, 16 Jun 1996 21:32:55 +0100



Is there a safe way of opening a temporary file in a publically writable
directory as a normal user, given a system with symbolic links?
I'm even willing to assume a sticky bit on the directory.

Main problem: How do I disallow a malicious

$ ln -s /tmp/some.file $MYHOME/.somedotfile

at the wrong times, without getting into race conditions?


  If the only user needing to access aid file is the user creating it,
then one solution is to make a dir for yourself in /tmp and put your
files in there. Of course you need to make SURE that the directory gets
created securely so as the above problems don't affect it. I'm sure in
most situations this could be done easily enough though...

-Neil
--
**************************************************************************
* Neil Soveran-Charley, System Administrator, Mersinet Internet Services *
* Email: N.P.Soveran-Charley () mersinet co uk                              *
**************************************************************************
Previous By Date Next
Previous By Thread Next

Current thread: