Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)]
From: Hynek Med
Subject: Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)]
Date: Wed, 7 May 1997 16:02:54 +0200 (MET DST)

On Wed, 7 May 1997, Alan Cox wrote:
> > a) create the file with 600 permissions anyway, to guarantee privacy
> > b) pick a very random name for the file
> > c) check if the file about to be created isn't already a symlink/hardlink
> > d) optionally do all this in a subdirectory with 700 permissions as your
> > script suggests
> >
> > I don't know any C, does some kind of standard mktemp() function do this
> > all? Is it available on all systems?
>
> mktemp isn't sufficient. mkstemp() is but not on all OS's. The algorithm
> above has a race condition...

Yes, but a hard-to-win race, and provided the filename is really random
it's almost impossible. (Please correct me if I'm wrong.)

OK, to summarize, we can:

1. use TEMP space in the HOME directory, which is bad when you have
   a low quota on $HOME
2. use mkstemp(), which is not on all systems
3. use the algorithm I have described, which is rather complex and has a
   (IMHO theoretical) race condition
4. use Klaus' shell wrapper, or the idea from it, but there's a race
   condition too - when creating the directory.

It looks like #1 is the most secure and very easy to implement.

Hynek
--
Hynek Med, address@hidden
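
Steps (a) to (c) from the quoted list, as an added example that is not code from this thread or from Lynx: on a local POSIX filesystem, `O_CREAT|O_EXCL` folds the "is it already a symlink/hardlink" check into the create call itself, so there is no gap between checking and creating. The function names and the use of `/dev/urandom` for the random name are assumptions of this sketch.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* symlink(), snprintf() */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create `path` with mode 0600 in one atomic step. With O_CREAT|O_EXCL the
 * kernel fails with EEXIST if the name exists in any form, including a
 * dangling symlink, so there is no separate "check" step to race. */
int open_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Build an unpredictable name under `dir` (64 bits from /dev/urandom, an
 * assumption of this sketch) and create it exclusively, retrying on a
 * collision. Returns an open fd and the name in `out`, or -1. */
int create_private_temp(const char *dir, char *out, size_t outlen)
{
    int fd = -1, rnd = open("/dev/urandom", O_RDONLY);
    if (rnd < 0) return -1;
    for (int tries = 0; tries < 100 && fd < 0; tries++) {
        unsigned long long r;
        if (read(rnd, &r, sizeof r) != (ssize_t)sizeof r) break;
        int n = snprintf(out, outlen, "%s/L%016llx.tmp", dir, r);
        if (n < 0 || (size_t)n >= outlen) break;
        fd = open_exclusive(out);
        if (fd < 0 && errno != EEXIST) break;   /* real error: give up */
    }
    close(rnd);
    return fd;
}

/* Constructed scenario: a symlink already sits at the chosen name. Returns 1
 * if creation is refused and the link's target was not created through it. */
int planted_symlink_is_refused(const char *dir)
{
    char target[512], link_path[512];
    snprintf(target, sizeof target, "%s/victim", dir);
    snprintf(link_path, sizeof link_path, "%s/planted.tmp", dir);
    if (symlink(target, link_path) != 0) return -1;
    int fd = open_exclusive(link_path);
    int refused = (fd < 0 && errno == EEXIST);
    if (fd >= 0) close(fd);
    unlink(link_path);
    return refused && access(target, F_OK) != 0;
}
```

Calling `create_private_temp()` on a directory created with `mkdir(dir, 0700)` corresponds to step (d) of the quoted list.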