Bugtraq mailing list archives
Re: Publically writable directories
From: Valdis.Kletnieks () vt edu (Valdis.Kletnieks () vt edu)
Date: Mon, 17 Jun 1996 11:34:20 -0400
--===_-1_Mon_Jun_17_11:34:18_EDT_1996 Content-Type: text/plain; charset=us-ascii On Sun, 16 Jun 1996 18:30:50 +0200, you said:
Is there a safe way of opening a temporary file in a publically writable directory as a normal user, given a system with symbolic links? I'm even willing to assume a sticky bit on the directory. Main problem: How do I disallow a malicious $ ln -s /tmp/some.file $MYHOME/.somedotfile at the wrong times, without getting into race conditions?
I'm not sure which you are asking for. Is it "how does a set-UID program properly test that $MYHOME/.somedotfile is in fact owned by the right user, and not a link to something it shouldnt be" or are you asking "If $MYHOME is world-writeable, how do I prevent people from putting in malicious symlinks?". If it is the latter, note that symlinks aren't needed - you can just 'cp' in whatever malicious .somedotfile you want. You have bigger problems than symlinks ;) If it is the former, I'd say it is the program's responsibility to verify the contents of a .dotfile. Personally, I usually open() the file, then fstat() the file descriptor, and verify that what I opened was what I wanted to open (check ownerships, permissions, major/minor/inode numbers, etc). And then of course sanity-check the contents as appropriate for the program. -- Valdis Kletnieks Computer Systems Engineer Virginia Tech --===_-1_Mon_Jun_17_11:34:18_EDT_1996 Content-Type: application/pgp-signature -----BEGIN PGP MESSAGE----- Version: 2.6.1 iQCVAwUBMcV6+dQBOOoptg9JAQH6xwP+OtfETTpg4RJ3oXLoz3vl7vSuNjRUHCAe mdNeDshwmrc+gGc79rtuEb43c4Emix5B6gTmlDm+coCRrsaw0Ir4jhSJjniy57dA 4SkTUbbU6i8C5OW3elhkKhvsc5xU0N4ZWu8uGGhgFVM6GGGvVd2ekU8+4lZM1EuP YpyLuIYo4NM= =dE/3 -----END PGP MESSAGE----- --===_-1_Mon_Jun_17_11:34:18_EDT_1996--
Current thread:
- Re: system() call in suid programs, (continued)
- Re: system() call in suid programs Valdis.Kletnieks () vt edu (Jun 14)
- Re: system() call in suid programs Max Hailperin (Jun 14)
- Publically writable directories Thomas Koenig (Jun 16)
- Re: Publically writable directories Neil Soveran-Charley (Jun 16)
- Re: Publically writable directories Brian Mitchell (Jun 17)
- Re: Publically writable directories Thomas Koenig (Jun 18)
- Re: Publically writable directories Bill Pemberton (Jun 18)
- Re: Publically writable directories Thomas Koenig (Jun 18)
- Re: system() call in suid programs Valdis.Kletnieks () vt edu (Jun 14)
- Re: Publically writable directories Bill Pemberton (Jun 17)
- Re: Publically writable directories David DeSimone (Jun 17)
- Re: Publically writable directories Valdis.Kletnieks () vt edu (Jun 17)
- Re: Publically writable directories Michael Dilger (Jun 17)