On Fri, 13 Nov 1998, Marcelo Tosatti wrote: > Sorry if this is already known. > I found a tmp race in bootpd 2.4.3. > If the user do not specify a file to dump the database, bootpd dump it in > /tmp/bootpd.dump. ... > if (argc > 1) > bootpd_dump = argv[1]; > - > + else > + mktemp(DUMPTAB_FILE); > /* > * Get my hostname and IP address. > */ Of course, this is not a fix. It just makes the problem less obvious and lowers the risk of abuse. (Even if the risk has already been low because a cetain signal must be sent to the deamon and this is a rare event in most installations.) Moreover, it is questionable whether saving the dump using a randomized filename is useful because you have to do something nontrivial to find the dump. The proper solution (for any bug of this kind) is to stop putting such files into /tmp or any other publicly readable directory. --Pavel Kankovsky aka Peak [ Boycott Czech Telecom--http://www.bojkot.cz ] "spt Telecom... ted zdrazujeme zitrek!" [ Engl. lang. info-- .../english/ ]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:23:11 PDT