oss-sec mailing list archives

Re: Security risk of vim swap files

From: Jakub Wilk <jwilk () jwilk net>
Date: Mon, 6 Nov 2017 22:14:32 +0100

* Solar Designer <solar () openwall com>, 2017-11-06, 21:00:

I don't know what state glibc was in with regard to honoring, ignoring,or unsetting TMPDIR in SUID programs in 1998-1999.

glibc's tempnam() did inadvertently honor TMPDIR in setuid/setgidprograms, but the bug was fixed in 1996:

https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=d68171edce96cb59b5cb869f6a82afcc50db00be

In 2000, glibc started unsetting TMPDIR in such programs:
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=74955460c5b9f23d7783395ce2478f5b7c5fd876

Curiously, Hurd implementation of tmpfile() seems to honor TMPDIR:
https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/mach/hurd/tmpfile.c;h=8bcfb81a104f37f271b18fe2eea3d40f7d101634;hb=HEAD#l40

--
Jakub Wilk

Current thread:

Re: Fw: Security risk of vim swap files, (continued)
- - Re: Fw: Security risk of vim swap files Steffen Nurpmeso (Oct 31)
  - Re: Fw: Security risk of vim swap files Leonid Isaev (Nov 01)
    - Re: Fw: Security risk of vim swap files Simon McVittie (Nov 01)
    - Re: Fw: Security risk of vim swap files Tim (Nov 01)
    - Re: Fw: Security risk of vim swap files Jeffrey Walton (Nov 01)
    - Re: Fw: Security risk of vim swap files Kurt Seifried (Nov 01)
    - Re: Fw: Security risk of vim swap files Jakub Wilk (Nov 01)
    - Re: Fw: Security risk of vim swap files Solar Designer (Nov 01)
    - Re: Security risk of vim swap files Ian Zimmerman (Nov 06)
    - Re: Security risk of vim swap files Solar Designer (Nov 06)
    - Re: Security risk of vim swap files Jakub Wilk (Nov 06)
    - Re: Fw: Security risk of vim swap files Jakub Wilk (Nov 01)
    - Re: Fw: Security risk of vim swap files Leonid Isaev (Nov 01)
- Re: Fw: Security risk of vim swap files Kurt Seifried (Oct 31)
  - Re: Fw: Security risk of vim swap files Jan Pokorný (Nov 01)
- Re: Fw: Security risk of vim swap files Matthias Weckbecker (Nov 21)
- Re: Fw: Security risk of vim swap files Z5T1 (Nov 01)
  - Re: Re: Fw: Security risk of vim swap files Michael Orlitzky (Nov 01)
    - Re: Re: Fw: Security risk of vim swap files Florent Rougon (Nov 01)
- Re: Fw: Security risk of vim swap files Christian Brabandt (Nov 02)
  - Re: Re: Fw: Security risk of vim swap files Kurt Seifried (Nov 02)

(Thread continues...)