Bugtraq mailing list archives
Re: Publically writable directories
From: ig25 () mvmampc66 ciw uni-karlsruhe de (Thomas Koenig)
Date: Tue, 18 Jun 1996 10:20:53 +0200
Brian Mitchell wrote:

> In that case, would you not be better off making the tmp dir in $HOME instead of /tmp? Assuming home dir permissions aren't totally insane, that should solve most of your problems.

I asked about this because of a discussion on the ssh mailing list about where to put the .Xauthority file in case of a NFS-mounted home directory. Putting it into your home directory would be pointless, since the key to your X session would still have to travel over the network in clear.

Not all systems have open(..., O_CREAT|O_EXCL) fail if the final part of the path points to a symlink. Very good thing to implement, though.

WRT the stat/fstat solutions: There is a problem in that an attacker can force you to create an arbitrary empty file through a race condition, and can delete the symlink before you can find out what file you've created.

When an attacker does

    $ ln -s /tmp/some.file /etc/nologin

and has root create /tmp/some.file, the problems are obvious.

Question: Can this also create security problems for a 'normal' user?

--
Thomas Koenig, Thomas.Koenig () ciw uni-karlsruhe de, ig25@dkauni2.bitnet.
The joy of engineering is to find a straight line on a double logarithmic diagram.
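The two defences discussed in this message (exclusive creation and the fstat/lstat cross-check), as an added example that is not part of the original post. The function names and the scratch directory under /tmp are hypothetical, and O_NOFOLLOW is assumed to be available on the target system.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create `path` as a new private file; -1 if the name exists in any form. */
int create_private_file(const char *path)
{
    struct stat fd_st, path_st;
    /* O_EXCL: fail if the name exists. O_NOFOLLOW: refuse a symlink as the
     * last path component even where O_CREAT|O_EXCL alone would follow it. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    /* fstat/lstat cross-check. Detection only: if the open did follow a
     * link, the target file already exists by the time this runs. */
    if (fstat(fd, &fd_st) != 0 || lstat(path, &path_st) != 0 ||
        !S_ISREG(path_st.st_mode) || fd_st.st_nlink != 1 ||
        fd_st.st_dev != path_st.st_dev || fd_st.st_ino != path_st.st_ino ||
        fd_st.st_uid != geteuid()) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario in a scratch directory: a dangling symlink sits at the
 * wanted name. Returns 1 if it is refused, its target stays absent, and a fresh name works. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/excl-demo-XXXXXX", lnk[64], target[64], fresh[64];
    struct stat st;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(lnk, sizeof lnk, "%s/some.file", dir);
    snprintf(target, sizeof target, "%s/victim", dir);
    snprintf(fresh, sizeof fresh, "%s/fresh", dir);
    if (symlink(target, lnk) != 0) return -1;
    int bad = create_private_file(lnk);
    int target_created = (stat(target, &st) == 0);
    int good = create_private_file(fresh);
    if (bad >= 0) close(bad);
    if (good >= 0) close(good);
    unlink(target); unlink(lnk); unlink(fresh); rmdir(dir);
    return bad < 0 && !target_created && good >= 0;
}

int main(void) { return demo_symlink_refused() == 1 ? 0 : 1; }
```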