Russ Allbery writes ("Re: severity for bugs in ignoring TMP/TMPDIR?"):
> You could probably use strace to find problems by looking for an
> open(O_CREAT) of a file in /tmp that doesn't look like it's
> mkstemp-created (ending in six random characters) and doesn't use O_EXCL.
> You'll get some false positives from files in safely-created directories.

I once proposed a kernel patch which would detect all of these unsafe
tmpfile problems (except if the attack was actually being carried out)
and turn them into hard failures. The rule would be that if:
  * A file is being opened in a sticky directory
  * The file is going to be created by this operation
  * O_EXCL was not specified
then the syscall fails with EPERM.

This didn't meet with general approval but I still think it would be a
good idea, at least to try. And it might even be less effort than
messing with strace, because strace has some pretty serious signal
handling bugs which mean that programs with complicated process farms
often don't work properly under strace.

Ian.
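
The strace heuristic quoted at the top of this message, sketched as an added example that is not part of the original message: it scans strace output for open()/openat() calls that pass O_CREAT without O_EXCL on a path under /tmp, and labels hits inside a subdirectory as the possible false positives mentioned there. The function name, the labels and the sample trace lines are constructed for illustration; the mkstemp name check is left out because mkstemp() itself always passes O_EXCL.

```python
import re

# open()/openat() as strace prints them, for example:
#   openat(AT_FDCWD, "/tmp/foo", O_WRONLY|O_CREAT, 0644) = 3
# Only absolute paths are useful here, so openat() with a real dirfd is skipped.
CALL = re.compile(
    r'\b(?:open|openat)\((?:AT_FDCWD, )?"(?P<path>(?:[^"\\]|\\.)*)", '
    r'(?P<flags>[A-Z0-9_|]+)'
)

def unsafe_tmp_creates(strace_lines, tmpdir="/tmp"):
    """Return (path, kind) for opens under tmpdir with O_CREAT but no O_EXCL.

    kind is "direct" for a file created directly in tmpdir and "in-subdir"
    for a file below a subdirectory, which may have been created safely.
    """
    findings = []
    prefix = tmpdir.rstrip("/") + "/"
    for line in strace_lines:
        m = CALL.search(line)
        if not m:
            continue
        path = m.group("path")
        flags = m.group("flags").split("|")
        if not path.startswith(prefix):
            continue
        # O_CREAT|O_EXCL fails if the name already exists, so it is safe.
        if "O_CREAT" not in flags or "O_EXCL" in flags:
            continue
        kind = "in-subdir" if "/" in path[len(prefix):] else "direct"
        findings.append((path, kind))
    return findings

# Constructed sample trace lines (not captured from a real program).
SAMPLE = [
    'openat(AT_FDCWD, "/tmp/myapp.lock", O_WRONLY|O_CREAT|O_TRUNC, 0644) = 3',
    'openat(AT_FDCWD, "/tmp/tmpk3J9aQ", O_RDWR|O_CREAT|O_EXCL, 0600) = 4',
    '[pid  4242] open("/tmp/build.Xy12/out.o", O_WRONLY|O_CREAT, 0666) = 5',
    'openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 3',
    'openat(AT_FDCWD, "/tmp/cache", O_RDONLY) = -1 ENOENT (No such file or directory)',
]

if __name__ == "__main__":
    for path, kind in unsafe_tmp_creates(SAMPLE):
        print(f"{kind:10} {path}")
```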