Re: [Nmh-workers] Re: Diffs for replacing mktemp() usage

From: Sean Kamath
Subject: Re: [Nmh-workers] Re: Diffs for replacing mktemp() usage
Date: Wed, 03 Feb 2010 10:20:42 -0800
User-agent: Thunderbird (X11/20081216)

Earl Hood wrote:
> On Wed, Feb 3, 2010 at 2:58 AM, Peter Maydell
> <address@hidden> wrote:
>> Earl Hood wrote:
>>> Even though no one has convinced me that my new functions
>>> still contain the race condition security problem,
>> There was a URL in the old linked message I provided;
>> the problem is in the presence of /tmp/ cleaners (which,
>> yes, do exist even if there are problems with them).
> I missed the /tmp cleaners.  Yes, that could be an
> issue if the cleaner happens to run just as you are
> running an nmh command and the cleaner is dumb to
> remove the file even if it is recent, and then some
> malicious user just happens to be trying to symlink
> you.

It's a little narrower than that.  If the tmp cleaner removes the file,
but the filehandle is still open, and used, then the contents of the
temp file will be in an unreferenced file, which will be freed on close().

Of course, if the file is close()ed, and later opened, then you'll get a
failure, or "bad data" if someone recreated the file.

Frankly, people who run tmp cleaners that are that braindead probably
deserve what they get.  Regardless, moving them to a configurable tmp
location is not a bad idea -- but I don't want to hit my NFS mounted
home dir every time I make a tmp file.  So I'd make /var/tmp/<user> or
/tmp/<user> and point to that.

My $0.02


Sent from the 1st Circle
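The behaviour described in the message above, as an added example that is not part of the original thread or of nmh: `unlink()` stands in for the tmp cleaner, and the helper name `reopen_same_file` and the path template are hypothetical. It shows that the held descriptor keeps working after the name is removed, and that a later reopen by name can be guarded by comparing device and inode against the descriptor still held.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Reopen path only if it still names the regular file that fd refers to.
 * Returns a new descriptor, or -1 if the name is gone, replaced or a symlink.
 * While fd stays open its inode cannot be reused, so the comparison is sound. */
int reopen_same_file(int fd, const char *path)
{
    struct stat held, now;
    int nfd = open(path, O_RDWR | O_NOFOLLOW);
    if (nfd < 0)
        return -1;                      /* errno from open(), e.g. ENOENT */
    if (fstat(fd, &held) < 0 || fstat(nfd, &now) < 0 || !S_ISREG(now.st_mode) ||
        held.st_dev != now.st_dev || held.st_ino != now.st_ino) {
        close(nfd);
        return -1;
    }
    return nfd;
}

/* Returns 0 when every step behaves as described, else the failing step. */
int demo(void)
{
    char path[] = "/tmp/nmhdemoXXXXXX"; /* constructed sample name */
    char buf[8] = {0};
    int fd = mkstemp(path), other, r;
    if (fd < 0) return 1;
    if (write(fd, "draft", 5) != 5) return 2;
    if ((r = reopen_same_file(fd, path)) < 0) return 3;
    close(r);
    unlink(path);                       /* the "tmp cleaner" removes the name */
    /* The open descriptor still reaches the now-unreferenced file. */
    if (pread(fd, buf, 5, 0) != 5 || memcmp(buf, "draft", 5) != 0) return 4;
    /* Reopening by name fails outright. */
    if (reopen_same_file(fd, path) != -1 || errno != ENOENT) return 5;
    /* Someone recreates the name: different inode, so the reopen is refused. */
    if ((other = open(path, O_RDWR | O_CREAT | O_EXCL, 0600)) < 0) return 6;
    if (write(other, "bogus", 5) != 5) return 7;
    r = reopen_same_file(fd, path);
    close(other); unlink(path); close(fd);
    return r == -1 ? 0 : 8;
}

int main(void) { return demo(); }
```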
