I made a list of /usr/bin scripts which allows /tmp races. Following ones creates /tmp/something.$$, then, with no permission/ownership checking, /tmp/something.$$.x (x may vary ;), or even performs suitable checks, but gives enough time to alter /tmp contents: glibcbug, bashbug, znew, mailstat, autoupdate, x11perfcomp, gccmakedep, pnmindex, xcopy, autoheader, cvsbug, rcs2log, updatedb, igawk, zdiff, zcmp, findaffix, munchlist, report-kaffe-bug, mailshar, MakeTeXPK, makeindex, texhash, ircbug [...] This list has been made on RedHat 5.0 Linux distribution. It includes only /bin/sh scripts and it isn't complete, but maybe it will show the range of /tmp races problem. Simple TMPFILE=/tmp/myproggy.$$ trap "rm -f $TMPFILE;exit 1" 1 2 ... [...] do_something >$TMPFILE is not sufficient and may be extremally harmful!!! You should at least use mktemp to create temporary files, or|and prevent from creating anything in /tmp directly. _______________________________________________________________________ Michal Zalewski [tel 9690] | finger 4 PGP [lcamtufat_private] Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deustch] =--------------- [ echo "\$0&\$0">_;chmod +x _;./_ ] -----------------=
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:45:26 PDT