[340] in linux-security and linux-alert archive

selection summary

daemon@ATHENA.MIT.EDU (Olaf Kirch)
Fri Sep 1 12:11:28 1995

From: okir@monad.swb.de (Olaf Kirch)
To: linux-security@tarsier.cv.nrao.edu
Date: Fri, 1 Sep 1995 14:40:20 +0200 (MET DST)


Hi all,

there have been quite a number of follow-ups to Tom Weber's report on
the selection problem. I'm summarizing them below rather than approving
each message separately.

Many people have pointed out that simply unlinking the file and then
opening it still leaves a race condition. I still haven't seen a secure
way of opening a temp file; maybe creating a `randomly' named file and
then calling rename() to move it to selection.pid is closest to what
can be done. For programs running under the root account, having a separate
directory for pid files and other temporary data is probably the best.
The FSSTND has a /var/run directory, which would be ideal for things like
these.

However, the problem with selection can be solved more easily. There have
been a number of messages about whether it has to run setuid root or not.
The upshot of it all is that it must run as root because of several
ioctl calls it performs, but it suffices to put it into your rc.local
script.

On the other hand, Tom Weber points out that there are situations where
selection won't get along very well with other applications (see separate
message). Having selection put its pid file in /var/run seems to be safe
in this case. However, it would still be nice if someone wrote a drop-in
routine that opens temp files safely, because there 

Finally, watch out for similar programs:

 dip		Usually using /etc/dip.pid, so it's safe. Still, there used
		to be versions that put it in /tmp, if I recall correctly.
		(But having dip setuid root is a bad thing anyway. Try
		dip -v /etc/shadow for an amusing show)
 named		/etc/named.pid or /var/run/named.pid. Older versions also
		put their pid file in /usr/tmp, using fopen(...)
		to open it.
		However, debug information (named.run and named_dump.db)
		is written to /tmp or /var/tmp.
 elm		uses mbox.<username>. If user joe doesn't have a .rhosts
		file, do this:
			ln -s ~joe/.rhosts /tmp/mbox.joe
			echo "localhost yourname" | rmail joe
		and wait for joe to read his mail.  This works at least with
		elm 2.4.

 ... and probably a few more.


Thanks to all those who responded:

	Wolfgang Ley
	Kyriakos Georgiou
	Matt (Panzer Boy)
	Jon Lewis
	Tom Weber

Cheers
Olaf
- -- 
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
             For my PGP public key, finger okir@brewhq.swb.de.

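
Added example, not part of Olaf Kirch's message: a C sketch of the "randomly named file, then rename()" approach the message suggests for selection.pid. The names write_pidfile and demo_planted_symlink are hypothetical, and the scenario (a symlink already sitting at selection.pid) is constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write "<pid>\n" to dir/name without ever open()ing dir/name itself.
 * Hypothetical helper for this example. Returns 0 on success, -1 on error. */
int write_pidfile(const char *dir, const char *name, long pid)
{
    char tmp[PATH_MAX], dst[PATH_MAX], buf[32];
    if (snprintf(tmp, sizeof tmp, "%s/.%s.XXXXXX", dir, name) >= (int)sizeof tmp ||
        snprintf(dst, sizeof dst, "%s/%s", dir, name) >= (int)sizeof dst)
        return -1;
    /* mkstemp() picks a random name and opens it O_CREAT|O_EXCL, mode 0600,
     * so a name that already exists (symlink or not) is never followed. */
    int fd = mkstemp(tmp);
    if (fd < 0) return -1;
    int len = snprintf(buf, sizeof buf, "%ld\n", pid);
    int ok = write(fd, buf, (size_t)len) == len && fchmod(fd, 0644) == 0;
    ok = (close(fd) == 0) && ok;
    /* rename() swaps the directory entry atomically; a symlink planted at
     * dst is replaced, not followed. */
    if (!ok || rename(tmp, dst) < 0) {
        unlink(tmp);
        return -1;
    }
    return 0;
}

/* Constructed scenario: selection.pid already exists as a symlink to a "victim"
 * file. Returns 0 if the victim stays empty and selection.pid is a regular file. */
int demo_planted_symlink(void)
{
    char dir[] = "/tmp/pidfile-demo.XXXXXX", victim[PATH_MAX], pidf[PATH_MAX];
    struct stat vs, ps;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(pidf, sizeof pidf, "%s/selection.pid", dir);
    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || close(fd) < 0 || symlink(victim, pidf) < 0 ||
        write_pidfile(dir, "selection.pid", (long)getpid()) < 0 ||
        stat(victim, &vs) < 0 || lstat(pidf, &ps) < 0)
        return -1;
    return (vs.st_size == 0 && S_ISREG(ps.st_mode) && ps.st_size > 0) ? 0 : 1;
}
int main(void) { return demo_planted_symlink(); }
```

With dir set to a directory only root can write, such as the /var/run mentioned in the message, nobody else can plant entries there in the first place.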