then create a new directory (it will fail with an error if the directory already exists)
now you can create files in this directory without having to worry about other users making trouble for you (they can't create symlinks in this directory)
David Lang
On Sat, 16 Apr 2005, Dave Jones wrote:
Date: Sat, 16 Apr 2005 20:57:57 -0400
From: Dave Jones <[EMAIL PROTECTED]>
To: Paul Jackson <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED], git@vger.kernel.org, [EMAIL PROTECTED]
Subject: Re: fix mktemp (remove mktemp ;)

On Sat, Apr 16, 2005 at 05:44:09PM -0700, Paul Jackson wrote:
> Dave wrote:
> > mktemp is being used here to provide randomness in the filename,
> > not just a uniqueness.
>
> Ok - useful point.
>
> How about:
>
>     t=${TMPDIR:-/usr/tmp}/gitdiff.$$.$RANDOM
pid is still predictable by watching ps output, $RANDOM is one of 32768 numbers, so it's still feasible to predict the result. $RANDOM$RANDOM is better, and gets a little closer to mktemp strength randomness.
> > all an attacker has to do is create 65535 symlinks in /usr/tmp
> And how about if I removed the tmp files at the top:
>
>     t=${TMPDIR:-/usr/tmp}/gitdiff.$$.$RANDOM
>     trap 'rm -fr $t.?; trap 0; exit 0' 0 1 2 3 15
>     rm -fr $t.?
>
>     ... rest of script ...
Racy, though the chance of creating x thousand symlinks in such a small window probably makes it a non-issue.
Actually.. http://www.linuxsecurity.com/content/view/115462/151/ has some interesting bits on temp dir creation without mktemp. See section 3.4 onwards.
Dave
- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
--
There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies.
 -- C.A.R. Hoare
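The mkdir-based approach from the message above, written out as an added example (not code from this thread or from git). The function name make_private_dir, the /tmp fallback, the restrictive umask and the retry count are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: private scratch directory without mktemp.
# mkdir is atomic and fails if the name already exists, including when the
# name is a symlink (dangling or not), so a pre-planted link is never followed.
# The name therefore does not need to be unpredictable, only unused.
make_private_dir() {
    base=${TMPDIR:-/tmp}            # assumption: fall back to /tmp
    tries=0
    while [ "$tries" -lt 10 ]; do   # assumption: give up after 10 taken names
        dir="$base/$1.$$.$tries"
        # umask 077 in a subshell: the directory is created mode 0700, so no
        # other user can create files or symlinks inside it afterwards.
        if (umask 077 && mkdir "$dir") 2>/dev/null; then
            printf '%s\n' "$dir"
            return 0
        fi
        tries=$((tries + 1))        # name taken (possibly planted): try the next
    done
    return 1
}

# Usage: create the directory once, then put fixed-name files inside it.
work=$(make_private_dir gitdiff) || {
    echo "cannot create scratch directory" >&2
    exit 1
}
trap 'rm -rf "$work"' EXIT
t="$work/diff"                      # safe: only this user can write under $work
: > "$t.1"
: > "$t.2"
```

If mkdir fails, the script must pick another name or abort; it must never fall back to using the existing path.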