Re: [hacksware]Pine temporary file hijacking vulnerability

["Christopher X. Candreva" <chris () WESTNET COM>]

On Mon, 11 Dec 2000, Peter W wrote:

> It would be nice if there was an easy, portable way to ensure safe temp
> file operations (mkstemp()?) but in the meantime, don't panic. Set safe
> values for TMP and TMPDIR and Pine behaves well.

I've just tried this under Solaris 8, pine 4.30, and with both $TMP and
$TMPDIR set, Pine is still writing to /tmp

There is another, more global, solution.  the AMD automouter from
cs.columbia.edu (now distributed as am-utils) has included a program called
hlfsd (Home Link File System Daemon) for a number of years.   It was
designed as a simple way to have users e-mail delivered to their home
directories instead of to /var/spool/mail .  It uses the automounter,
watches the directory it's told to, and redirects requests to that directory
from a user to a dir in their home directory.  Users think their mail is in
/var/spool/mail/username, but it's really in
/home/path/username/.hlfsdir/username

I think that program stock, with different options, should be able to do the
same thing to /tmp very easily. Every program will now write safely to /tmp,
who cares how it's written.

The home page for am-utils is http://www.cs.columbia.edu/~ezk/am-utils/

This is pure theory, but I may try this out on a test system tomorrow.

-Chris

==========================================================
Chris Candreva  -- chris () westnet com -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/