On Wed, Feb 3, 2010 at 2:58 AM, Peter Maydell
<pmaydell(_at_)chiark(_dot_)greenend(_dot_)org(_dot_)uk> wrote:
Earl Hood wrote:
Even though no one has convinced me that my new functions
still contain the race condition security problem,
There was a URL in the old linked message I provided;
the problem is in the presence of /tmp/ cleaners (which,
yes, do exist even if there are problems with them).
I missed the /tmp cleaners. Yes, that could be an
issue if the cleaner happens to run just as you are
running an nmh command and the cleaner is dumb to
remove the file even if it is recent, and them some
malicious user just happens to be trying to symlink
you.
I'd have to question the skills of the sys admin that
set that up a cleaner that deleted files despite the
modtime.
My latest changes causes tmp files to be put in
user's mail dir if no template is specified.
Note, looking more at the code, many commands change
the cwd to the user's mail dir. They then call the
temp file routine (before my changes and after my changes
since I wanted to minimize risk to functionality) so
temp files are created in cwd.
Therefore, for most commands, temp files were already
being placed in the user's mail dir. Where /tmp was
getting used were calls to m_tmpfil(). Those calls
were replaced with m_mktemp(). In my latest post
of m_mktemp.c, I changed the function so
m_maildir("") will be used instead of /tmp.
--ewh
_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
http://lists.nongnu.org/mailman/listinfo/nmh-workers