[PATCH] tempnam.c security problems
[Includes a patch, patch applies to tempnam.c from current]
Description

The tempnam function has the security problem of trusting an
environment variable, even when running setuid. While it might seem
that using this function in a setuid/setgid program is insecure in
and of itself due to the potential race condition between finding a
file name and creating the file, open with the CREAT _and_ EXCL
flags set solves this problem, at least for local filesystems. (Yes,
the mkstemp function should be used instead, but software ported in
from other OSes may not use this function.)

The difficulty with trusting a user-set directory when this method
(setting CREAT and EXCL) is used is that the directory in question
could have permissions allowing the user to replace the file - a
problem if the program closes the file then reopens it at a later
point (perhaps to conserve file descriptors). It also poses the
confidentiality hazard that the directory may be set to be in a
msdos filesystem, so that the user can then examine the contents of
the file.

Any takers? The PR has already been marked suspended by phk, but never
worked on.
http://www.freebsd.org/cgi/query-pr.cgi?pr=6773
Nick
--
ISIS/STA, T.P.270, Joint Research Centre, 21020 Ispra, Italy
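
As an added example (not part of the original message or of the patch it mentions), one way a program could choose its temporary directory along the lines described above: ignore the environment's directory when real and effective ids differ, otherwise accept it only if other users cannot replace files in it, then create the file with mkstemp. The names choose_tmpdir, dir_is_safe and make_temp and the "/tmp" fallback are assumptions for illustration; the uid/euid comparison stands in for a platform check such as issetugid().

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Nonzero when real and effective ids differ (a setuid/setgid run). */
static int running_privileged(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Absolute, owned by root or us, not group/world writable unless sticky. */
static int dir_is_safe(const char *dir)
{
    struct stat st;
    if (!dir || dir[0] != '/' || stat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;
    if (st.st_uid != 0 && st.st_uid != geteuid())
        return 0;
    return !(st.st_mode & (S_IWGRP | S_IWOTH)) || (st.st_mode & S_ISVTX);
}

/* priv is a parameter so the policy can be exercised without setuid. */
const char *choose_tmpdir(const char *env, int priv)
{
    if (!priv && dir_is_safe(env))
        return env;
    return "/tmp"; /* assumed system default directory */
}

/* Returns an open fd (file created with O_CREAT|O_EXCL by mkstemp) or -1. */
int make_temp(char *path, size_t len, const char *env, int priv)
{
    int n = snprintf(path, len, "%s/tmp.XXXXXX", choose_tmpdir(env, priv));
    if (n < 0 || (size_t)n >= len)
        return -1;
    return mkstemp(path);
}

int main(void)
{
    char path[1024];
    int fd = make_temp(path, sizeof path, getenv("TMPDIR"), running_privileged());
    if (fd < 0) { perror("make_temp"); return 1; }
    printf("created %s\n", path);
    close(fd);
    unlink(path);
    return 0;
}
```

Keeping the returned descriptor open, rather than closing the file and reopening it by name, avoids the replace-the-file window the description mentions.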