Re: [Nmh-workers] nmh vs mktemp()

From: Nick Rusnov
Subject: Re: [Nmh-workers] nmh vs mktemp()
Date: Sat, 5 Apr 2008 15:36:41 -0700
User-agent: Mutt/1.5.13 (2006-08-11)

On Sat, Apr 05, 2008 at 10:52:05PM +0100, address@hidden wrote:
> I've been looking at fixing the various insecure uses of mktemp()
> in the nmh codebase. I've gradually realised that although some of
> them are fixable, some are really very tricky. The trouble is that
> much of the code assumes that you can create a temporary file and
> then later on reopen it by name[*]; and often this happens by a
> very indirect route, with a tempfile name being passed into
> functions which might also be using normal message files. Or we
> might create a tempfile and then rename it to something else.
> So I think that it might be better to sidestep the whole issue
> by just having nmh create its temporary files in ~/Mail. Because
> this directory isn't writable except by the user, there's no
> danger of malicious attackers creating symlinks in it as there
> is with putting files in /tmp/. Some work would still be
> required, but nowhere near as much.

I have to agree that this is a good solution short of massive code changes. I
believe that users can currently do this by setting their TEMP variable to a
directory that they control, but a systematic use of a temporary directory 
for nmh seems like a good policy. Something like ~/Mail/.temp or some such so as
not to interfere with a potential folder called temp.

-><- Nick Rusnov
-><- http://nick.industrialmeats.com
-><- address@hidden/address@hidden 
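
The approach discussed in this thread, as an added example that is not part of the original messages and is not nmh code: create temporary files in a per-user directory such as ~/Mail/.temp, after checking that the directory is not a symlink, is owned by the user and has no group/other access. The function names `private_tmpdir_ok` and `private_tmpfile` and the `nmhXXXXXX` template are hypothetical, and the parent directory is assumed to be writable only by the user.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create dir if missing, then confirm it is a real directory (not a symlink),
 * owned by us, with no group/other access. Assumes the parent (e.g. ~/Mail)
 * is itself writable only by the user. Returns 0 if safe, -1 otherwise. */
int private_tmpdir_ok(const char *dir)
{
    struct stat st;
    if (mkdir(dir, 0700) == -1 && errno != EEXIST)
        return -1;
    if (lstat(dir, &st) == -1 || !S_ISDIR(st.st_mode))
        return -1;                      /* lstat: a symlink here is rejected */
    if (st.st_uid != geteuid() || (st.st_mode & (S_IRWXG | S_IRWXO)))
        return -1;                      /* foreign owner or shared access */
    return 0;
}

/* Create a temp file in the private dir. Returns an open fd and stores the
 * name in path, so callers that reopen or rename by name can keep doing so. */
int private_tmpfile(const char *dir, char *path, size_t pathlen)
{
    int n;
    if (private_tmpdir_ok(dir) == -1)
        return -1;
    n = snprintf(path, pathlen, "%s/nmhXXXXXX", dir);
    if (n < 0 || (size_t)n >= pathlen)
        return -1;
    return mkstemp(path);               /* O_CREAT|O_EXCL, mode 0600 */
}

int main(int argc, char **argv)
{
    char path[4096];
    int fd;

    if (argc != 2 || (fd = private_tmpfile(argv[1], path, sizeof path)) == -1) {
        fprintf(stderr, "usage: %s DIR (must be private to you)\n", argv[0]);
        return 1;
    }
    printf("created %s\n", path);
    close(fd);
    return unlink(path) == 0 ? 0 : 1;
}
```

Because the file name is still returned, code that later reopens or renames the file by name keeps working; the safety comes from the directory check rather than from holding the descriptor.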
