Martin Schulze wrote: > Rogier Wolff wrote: > > Martin Schulze wrote: > > > This was not intentional by the author, he tried to use tempfile(1) to > > > create the temporary filename. However, due to a thinko, the name was > > > hardcoded into the script. > > [...] > > > +#NNTPactive=\`tempfile -p active\` #"/tmp/active.\$\$" > > > > So now you're using tempfile? This usually yields an easily > > No, but now we're using tempfile in a proper way. In the original source > code it was used like: > > NNTPactive=`tempfile -p active` This is what I meant. You've made it just a teeny bit harder to exploit, but the same expoit is still there. 10 years ago, this solution would've been adequate. Nowadays everbody should know that this is very hard to get right. Mover the "bad guys" already have the exploit programs ready. Creating a tempfile from a C program is possible since we have a mkstmp call. It is sufficiently tricky that I wouldn't dare replicating the functionality myself. Creating a private directory in /tmp and putting the tempfiles in there might be the only solution for shell scripts. Roger. -- ** R.E.Wolffat_private ** http://www.BitWizard.nl/ ** +31-15-2137555 ** *-- BitWizard writes Linux device drivers for any device you may have! --* ------ Microsoft SELLS you Windows, Linux GIVES you the whole house ------
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:57:57 PDT