Re: Tempfile vulnerabilities

From: Dug Song (dugsongat_private)
Date: Mon Jan 31 2000 - 12:44:36 PST

    On Sun, 30 Jan 2000, foo wrote:
    
    > This weekend I decided to play around with a couple of network
    > management tools on securityfocus.com ... upon review of the source, I
    > noticed a bad trend. Both tools handle temporary files insecurely.
    
    the l0pht's tempwatch tool is useful in rooting out such problems.
    
    	http://www.l0pht.com/advisories/watch.txt
    
    (or /usr/ports/security/tempwatch on OpenBSD)...
    
    > - Check for the existence of your temporary file before you do anything
    > with it:
    >
    > SECUREDIR=/home/blah
    > tmpfile=$SECUREDIR/t.$$
    > if [ -e $tmpfile ]; then
    >         echo -e "ERROR! : temporary file exists, erasing!\r\n"; rm -rf $tmpfile
    > fi
    
    you still have an exploitable race here.
    
    a better way around this (esp. for programs with many tmp files) is to use
    a temporary directory instead, as in OpenBSD's /etc/security script:
    
    umask 077
    DIR=/tmp/_secure$$
    TMP1=$DIR/_secure2
    TMP2=$DIR/_secure3
    
    if ! mkdir $DIR ; then
            printf "tmp directory %s already exists, looks like:\n" $DIR
            ls -alF $DIR
            exit 1
    fi
    
    trap 'rm -rf $DIR; exit 1' 0 1 2 3 13 15
    
    or if you're using OpenBSD, use the mktemp(1) program in your scripts:
    
    	http://www.openbsd.org/cgi-bin/man.cgi?query=mktemp
    
    -d.
    
    ---
    http://www.monkey.org/~dugsong/
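
The two suggestions in this message (mktemp(1) where available, otherwise an atomic mkdir under umask 077) combined into one helper, as an added example that is not part of the original post or of OpenBSD's /etc/security script. The function names and the `_secure.XXXXXXXXXX` template are assumptions made for illustration; the second function shows that mkdir refuses a name someone else has already planted, which is the gap the quoted "[ -e ] then rm" test leaves open.

```shell
#!/bin/sh
# Added example: private scratch directory creation, mktemp(1) first,
# atomic mkdir fallback second. Names here are hypothetical.

# Print the path of a freshly created, owner-only directory under $1
# (default $TMPDIR or /tmp). Returns non-zero if none could be created.
make_private_dir() {
    base=${1:-${TMPDIR:-/tmp}}
    # mktemp -d picks an unpredictable name and creates it mode 0700.
    if command -v mktemp >/dev/null 2>&1; then
        mktemp -d "$base/_secure.XXXXXXXXXX" && return 0
    fi
    # Fallback in the style of the /etc/security excerpt: mkdir either
    # creates the directory or fails; there is no check-then-create gap.
    (umask 077 && mkdir "$base/_secure$$") || return 1
    printf '%s\n' "$base/_secure$$"
}

# Return 0 if mkdir refuses a name that already exists as a symlink.
# mkdir(2) fails with EEXIST on any existing name, dangling link included.
mkdir_refuses_planted_name() {
    sandbox=$(make_private_dir) || return 1
    ln -s /nonexistent-target "$sandbox/planted"   # constructed sample
    if (umask 077 && mkdir "$sandbox/planted") 2>/dev/null; then
        rc=1    # mkdir followed or replaced the link: not expected
    else
        rc=0
    fi
    rm -rf "$sandbox"
    return $rc
}

# Typical use in a script:
#   DIR=$(make_private_dir) || exit 1
#   trap 'rm -rf "$DIR"' 0
#   trap 'exit 1' 1 2 3 13 15
#   TMP1=$DIR/_secure2
```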
    