Full Disclosure mailing list archives
Re: Symlink vulnerabilities
From: Tavis Ormandy <taviso () cmpxchg8b com>
Date: Sat, 22 Oct 2011 11:44:43 +0200
bugs () fbi dhs org wrote:
bashbug: /usr/bin/bashbug:TEMPDIR=$TMPDIR/bbug.$$ Maybe I should use bashbug to report a bug in bashbug?
I took a quick look, it's actually using mkdir to create a temporary directory in /tmp, which it uses for collecting support files. This is actually a safe way to use /tmp, assuming you check the return code of mkdir (which it does). The mkdir() system call behaves very differently to open(), and is not vulnerable to these attacks. Tavis. -- ------------------------------------- taviso () cmpxchg8b com | pgp encrypted mail preferred ------------------------------------------------------- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Symlink vulnerabilities bugs (Oct 21)
- Re: Symlink vulnerabilities Valdis . Kletnieks (Oct 21)
- Re: Symlink vulnerabilities Michal Zalewski (Oct 21)
- Re: Symlink vulnerabilities Byron Sonne (Oct 21)
- Re: Symlink vulnerabilities Valdis . Kletnieks (Oct 21)
- Re: Symlink vulnerabilities Raj Mathur (राज माथुर) (Oct 21)
- Re: Symlink vulnerabilities James Condron (Oct 22)
- Re: Symlink vulnerabilities Michal Zalewski (Oct 22)
- Re: Symlink vulnerabilities Michal Zalewski (Oct 21)
- Re: Symlink vulnerabilities Valdis . Kletnieks (Oct 21)
- Re: Symlink vulnerabilities dave bl (Oct 21)
- Re: Symlink vulnerabilities bugs (Oct 22)
- Re: Symlink vulnerabilities Leon Kaiser (Oct 24)
- Re: Symlink vulnerabilities bugs (Oct 24)
- Re: Symlink vulnerabilities xD 0x41 (Oct 25)
- Re: Symlink vulnerabilities Tavis Ormandy (Oct 25)
- Re: Symlink vulnerabilities bugs (Oct 25)
- Re: Symlink vulnerabilities Tavis Ormandy (Oct 25)
- Re: Symlink vulnerabilities xD 0x41 (Oct 25)
- Re: Symlink vulnerabilities Michal Zalewski (Oct 25)