Bugtraq mailing list archives
Re: Publically writable directories
From: athan () mersinet co uk (Neil Soveran-Charley)
Date: Sun, 16 Jun 1996 21:32:55 +0100
Is there a safe way of opening a temporary file in a publically writable directory as a normal user, given a system with symbolic links? I'm even willing to assume a sticky bit on the directory. Main problem: How do I disallow a malicious $ ln -s /tmp/some.file $MYHOME/.somedotfile at the wrong times, without getting into race conditions?
If the only user needing to access aid file is the user creating it, then one solution is to make a dir for yourself in /tmp and put your files in there. Of course you need to make SURE that the directory gets created securely so as the above problems don't affect it. I'm sure in most situations this could be done easily enough though... -Neil -- ************************************************************************** * Neil Soveran-Charley, System Administrator, Mersinet Internet Services * * Email: N.P.Soveran-Charley () mersinet co uk * **************************************************************************
Current thread:
- [linux-security] Big security hole in kerneld's request_route Igor Chudov @ home (Jun 13)
- system() call in suid programs Not Joe (Jan 03)
- Re: system() call in suid programs Valdis.Kletnieks () vt edu (Jun 14)
- Re: system() call in suid programs Max Hailperin (Jun 14)
- Publically writable directories Thomas Koenig (Jun 16)
- Re: Publically writable directories Neil Soveran-Charley (Jun 16)
- Re: Publically writable directories Brian Mitchell (Jun 17)
- Re: Publically writable directories Thomas Koenig (Jun 18)
- Re: Publically writable directories Bill Pemberton (Jun 18)
- Re: Publically writable directories Thomas Koenig (Jun 18)
- Re: system() call in suid programs Valdis.Kletnieks () vt edu (Jun 14)
- system() call in suid programs Not Joe (Jan 03)
- Re: Publically writable directories Bill Pemberton (Jun 17)
- Re: Publically writable directories David DeSimone (Jun 17)
- Re: Publically writable directories Valdis.Kletnieks () vt edu (Jun 17)
- Re: Publically writable directories Michael Dilger (Jun 17)