>>>>> "deraadt" == Theo de Raadt <deraadtat_private> writes: deraadt> Moreover, Stanislav's patch retained the use of of mktemp(), deraadt> which means his fixed perl can still be denial-of-serviced This is true. You can still DOS Perl after my quick patch (if you win the race). I am afraid that the same might apply to your patch as well, at least on some systems and to some degree. But surely mkstemp() is a better thing to do. deraadt> The correct fix is to use mkstemp(), which is designed to be deraadt> (much more) impervious to these kinds of races. It is. However, on many systems it only tries a finite number of times; if you guess the name every time it open()s you've denied service to the calling program. It is much harder to do (you need to win a lot of races) but theoretically it's possible. So the program still isn't correct in the strict sense. (This does not apply to OpenBSD: its _gettemp() will try forever which is the right thing to do because attacker cannot win an infinite number of races--or to put it more accurately, has probability zero of winning $\aleph_0$ races.) All this complexity of trivial things (just open a temp file) is one of the reasons I think the whole idea of /tmp is a fundamental misdesign and eventually one should be able to chmod it to 755 (while programs should use per-user TMPDIRs).
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:44:28 PDT