nmh-workers

Re: [Nmh-workers] Re: Diffs for replacing mktemp() usage

2010-02-03 12:26:18
Earl Hood wrote:
> On Wed, Feb 3, 2010 at 2:58 AM, Peter Maydell
> <pmaydell(_at_)chiark(_dot_)greenend(_dot_)org(_dot_)uk> wrote:
>> Earl Hood wrote:
>>> Even though no one has convinced me that my new functions
>>> still contain the race condition security problem,
>> There was a URL in the old linked message I provided;
>> the problem is in the presence of /tmp/ cleaners (which,
>> yes, do exist even if there are problems with them).
>
> I missed the /tmp cleaners.  Yes, that could be an
> issue if the cleaner happens to run just as you are
> running an nmh command and the cleaner is dumb to
> remove the file even if it is recent, and then some
> malicious user just happens to be trying to symlink
> you.

It's a little narrower than that.  If the tmp cleaner removes the file,
but the filehandle is still open, and used, then the contents of the
temp file will be in an unreferenced file, which will be freed on close().

Of course, if the file is close()ed, and later opened, then you'll get a
failure, or "bad data" if someone recreated the file.

Frankly, people who run tmp cleaners that are that braindead probably
deserve what they get.  Regardless, moving them to a configurable tmp
location is not a bad idea -- but I don't want to hit my NFS mounted
home dir every time I make a tmp file.  So I'd make /var/tmp/<user> or
/tmp/<user> and point to that.

My $0.02

Sean


-- 
Sent from the 1st Circle


_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
http://lists.nongnu.org/mailman/listinfo/nmh-workers
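
The behaviour discussed in the message above, as an added example that is not part of the original post and is not nmh code: an open descriptor keeps working after the name is removed, while a reopen by name either fails or lands on a different file. The function names and the `/tmp/nmh-demo-XXXXXX` template are hypothetical, and `unlink()` stands in for the tmp cleaner.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Reopen path only if it still names the file behind fd. Returns a new fd,
 * or -1 if the name is gone, is a symlink, or is a different inode. */
int reopen_if_same(int fd, const char *path)
{
    struct stat held, named;
    int nfd = open(path, O_RDWR | O_NOFOLLOW);
    if (nfd < 0) return -1;
    if (fstat(fd, &held) < 0 || fstat(nfd, &named) < 0 ||
        held.st_dev != named.st_dev || held.st_ino != named.st_ino) {
        close(nfd);
        return -1;
    }
    return nfd;
}

/* Returns 0 if every step behaves as the thread describes, else -step. */
int cleaner_demo(void)
{
    char path[] = "/tmp/nmh-demo-XXXXXX";   /* hypothetical name */
    char buf[5];
    int fd = mkstemp(path), nfd, rc = 0;    /* O_CREAT|O_EXCL, mode 0600 */
    if (fd < 0) return -1;
    if (write(fd, "draft", 5) != 5)
        rc = -2;
    else if ((nfd = reopen_if_same(fd, path)) < 0)
        rc = -3;                            /* untouched file: same inode */
    else close(nfd);
    unlink(path);                           /* what the cleaner does */
    if (!rc && (pread(fd, buf, 5, 0) != 5 || memcmp(buf, "draft", 5)))
        rc = -4;                            /* open fd must still read data */
    if (!rc && (reopen_if_same(fd, path) != -1 || errno != ENOENT))
        rc = -5;                            /* reopen by name: failure */
    nfd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600); /* name recreated */
    if (!rc && (nfd < 0 || reopen_if_same(fd, path) != -1))
        rc = -6;                            /* "bad data" file is rejected */
    if (nfd >= 0) close(nfd);
    unlink(path);
    close(fd);
    return rc;
}
int main(void) { return cleaner_demo() ? 1 : 0; }
```

The recreated file cannot share an inode number with the original while the first descriptor is still open, which is why the `st_dev`/`st_ino` comparison is reliable here.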
