[341] in linux-security and linux-alert archive
Re: selection summary
daemon@ATHENA.MIT.EDU (Thomas König)
Fri Sep 1 14:59:49 1995
To: linux-security@tarsier.cv.nrao.edu (linux-security)
Date: Fri, 1 Sep 1995 18:48:05 +0200 (MET DST)
In-Reply-To: <m0soVOP-00005FC@monad.swb.de> from "Olaf Kirch" at Sep 1, 95 02:40:20 pm
From: Thomas.Koenig@ciw.uni-karlsruhe.de (Thomas König)
Olaf Kirch wrote:
>I still haven't seen a secure way of opening a temp file;
The easiest way is to put it into a directory where users
don't have write permission.
If you're absolutely stuck with putting a file into a world-writable
directory as root... well, I believe the following to be a reasonable
first approximation; please try to poke holes in this. I am assuming
a 1777 directory, i.e. with sticky bit set. If you don't have
that, you're toast in any case :-)
- unlink the filename
- set euid to nobody
- open file with O_CREAT | O_EXCL ; abort if this does not work
- fstat the file descriptor
- if links > 1, goto step one
- lstat the file
- if it's a symbolic link, goto step one
- if the device/inode pair of the fstat/lstat don't match -> step one
- set euid to root
- fchown the file descriptor
- stat the filename
- if the device/inode pair don't match -> step one
--
Thomas Koenig, Thomas.Koenig@ciw.uni-karlsruhe.de, ig25@dkauni2.bitnet.
The joy of engineering is to find a straight line on a double
logarithmic diagram.
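The step list in the message above, written out as an added C example (not code from the message or from the list): create_temp_secure() follows the twelve steps in order, and demo_create_and_check() exercises it on a file in /tmp. Assumptions not in the message: uid 65534 stands in for "nobody", retries are capped at 10, and when the caller is not root the euid/fchown steps are skipped so the inode checks can still be tried unprivileged.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

#define MAX_TRIES 10   /* assumed cap on "goto step one" loops */

/* Create `path` afresh and return an open fd (or -1), following the steps in
 * the message above. As root: create with euid == unpriv_uid ("nobody"), then
 * fchown back to root. Unprivileged: skip the euid/fchown steps, keep all the
 * inode checks. O_NOFOLLOW (post-1995) would narrow the open/lstat window. */
int create_temp_secure(const char *path, uid_t unpriv_uid)
{
    struct stat fs, ls, ns;
    int fd, is_root = (geteuid() == 0);

    for (int tries = 0; tries < MAX_TRIES; tries++) {
        unlink(path);                                                 /* step 1 */
        if (is_root && seteuid(unpriv_uid) != 0) return -1;           /* step 2 */
        fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);             /* step 3 */
        if (fd < 0) { if (is_root) seteuid(0); return -1; }           /* abort */
        if (fstat(fd, &fs) != 0 || fs.st_nlink > 1 ||                 /* 4, 5 */
            lstat(path, &ls) != 0 || S_ISLNK(ls.st_mode) ||           /* 6, 7 */
            fs.st_dev != ls.st_dev || fs.st_ino != ls.st_ino) {       /* 8 */
            close(fd); if (is_root) seteuid(0); continue;             /* step 1 */
        }
        if (is_root) {
            seteuid(0);                                               /* step 9 */
            if (fchown(fd, 0, (gid_t)-1) != 0) { close(fd); return -1; } /* 10 */
        }
        if (stat(path, &ns) != 0 ||                                   /* 11, 12 */
            ns.st_dev != fs.st_dev || ns.st_ino != fs.st_ino) {
            close(fd); continue;
        }
        return fd;
    }
    return -1;
}

/* Demo: create the file, confirm one regular file with a single link, clean up. */
int demo_create_and_check(const char *path)
{
    struct stat st;
    int fd = create_temp_secure(path, 65534);   /* 65534: assumed uid of nobody */
    if (fd < 0) return 0;
    int ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_nlink == 1;
    close(fd); unlink(path);
    return ok;
}
```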