Re: [PATCH] install-sh: avoid (low risk) race in /tmp

From: Mathieu Lirzin
Subject: Re: [PATCH] install-sh: avoid (low risk) race in /tmp
Date: Sun, 11 Mar 2018 23:38:53 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux)


Sorry for the long delay.

Pavel Raiskup <address@hidden> writes:

> Ensure that nobody can cross privilege boundaries by pre-creating
> a symlink on '$tmpdir' path.
> Just testing 'mkdir -p' by creating '/tmp/ins$RANDOM-$$/d' is not
> safe because '/tmp' directory is usually world-writeable and
> '/tmp/ins$RANDOM-$$' content could be pretty easily guessed by
> attacker (at least for shells where $RANDOM is not supported).
> So, as the first step, create the '/tmp/ins$RANDOM-$$' without -p.
> This step would fail early if somebody wanted to catch us.
> Note that systems that implement (and have enabled)
> fs.protected_symlinks kernel feature are not affected even without
> this commit.
> References:
> * lib/install-sh: Implement safer 'mkdir -p' test by running
> '$mkdirprog $mkdir_mode "$tmpdir"' first.
> (scriptversion): Bump.
> ---
>  lib/install-sh | 25 +++++++++++++++++--------
>  1 file changed, 17 insertions(+), 8 deletions(-)

Applied in commit 968bf9f66e3966d1975295b97539876518ebd2a0.

Thank you for the patch.

Mathieu Lirzin
GPG: F2A3 8D7E EB2B 6640 5761  070D 0ADE E100 9460 4D37
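
The ordering described in the quoted commit message, as an added shell example that is not part of the original message and is not the install-sh code. The function names and the sandbox layout are hypothetical; the symlinks are constructed inside a private `mktemp -d` directory that stands in for `/tmp`.

```shell
#!/bin/sh
# Added illustration; all names here are hypothetical, not install-sh's.

# Create DIR with mode 700, refusing any pre-existing path. Plain mkdir
# (no -p) fails with EEXIST when DIR is already a file, a directory or a
# symlink (dangling or not), so a planted symlink is never followed.
make_private_dir() {
    (umask 077 && mkdir -- "$1") 2>/dev/null
}

# The older pattern: test 'mkdir -p' directly on DIR/d. An existing DIR is
# accepted silently, including a symlink that points somewhere else.
probe_unsafe() {
    mkdir -p -- "$1/d" 2>/dev/null
}

# The patched ordering: create DIR exclusively, then test 'mkdir -p' in it.
probe_safe() {
    make_private_dir "$1" && mkdir -p -- "$1/d" 2>/dev/null
}

# Run both probes against constructed, pre-created symlinks and report.
run_demo() {
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/tmp" "$sandbox/victim_a" "$sandbox/victim_b"
    # Constructed stand-ins for a guessed '/tmp/ins$RANDOM-$$' name.
    ln -s "$sandbox/victim_a" "$sandbox/tmp/ins-a"
    ln -s "$sandbox/victim_b" "$sandbox/tmp/ins-b"

    if probe_unsafe "$sandbox/tmp/ins-a"; then unsafe=accepted; else unsafe=refused; fi
    if probe_safe "$sandbox/tmp/ins-b"; then safe=accepted; else safe=refused; fi
    if probe_safe "$sandbox/tmp/ins-c"; then fresh=accepted; else fresh=refused; fi

    # Did either probe create 'd' inside the symlink's target?
    if [ -d "$sandbox/victim_a/d" ]; then unsafe="$unsafe,wrote-through-symlink"; fi
    if [ -d "$sandbox/victim_b/d" ]; then safe="$safe,wrote-through-symlink"; fi

    rm -rf "$sandbox"
    echo "unsafe=$unsafe safe=$safe fresh=$fresh"
}

run_demo
```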
