Re: Publically writable directories

[ig25 () mvmampc66 ciw uni-karlsruhe de (Thomas Koenig)]

Brian Mitchell wrote:

> In that case, would you not be better off making the tmp dir in $HOME
> instead of /tmp? Assuming home dir permissions aren't totally insane,
> that should solve most of your problems.

I asked about this because of a discussion on the ssh mailing list
about where to put the .Xauthority file in case of a NFS-mounted
home directory.

Putting it into your home directory would be pointless, since the
key to your X session would still have to travel over the network
in clear.

Not all systems have open(...,O_CREAT|O_EXCL  ) fail if the final
part of the path points to a symlink.  Very good thing to implement,
though.

WRT the stat/fstat solutions:  There is a problem in that an attacker
can force you to create an arbitrary empty file through a race
condition, and can delete the symlink before you can find out what
file you've created.

When an attacker does

$ ln -s /tmp/some.file /etc/nologin

and has root create /tmp/some.file, the problems are obvious.  Question:
Can this also create security problems for a 'normal' user?
--
Thomas Koenig, Thomas.Koenig () ciw uni-karlsruhe de, ig25@dkauni2.bitnet.
The joy of engineering is to find a straight line on a double
logarithmic diagram.