[342] in linux-security and linux-alert archive
Re: selection summary
daemon@ATHENA.MIT.EDU (Alan Cox)
Fri Sep 1 17:38:13 1995
From: iialan@iifeak.swan.ac.uk (Alan Cox)
To: okir@monad.swb.de (Olaf Kirch)
Date: Fri, 1 Sep 1995 20:33:30 +0100 (BST)
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <m0soVOP-00005FC@monad.swb.de> from "Olaf Kirch" at Sep 1, 95 02:40:20 pm
> Many people have pointed out that simply unlinking the file and then
> opening it still leaves a race condition. I still haven't seen a secure
> way of opening a temp file; maybe creating a `randomly' named file and
> then calling rename() to move it to selection.pid is closest to what
> can be done. For programs running under the root account, having a separate
> directory for pid files and other temporary data is probably the best.
> The FSSTND has a /var/run directory, which would be ideal for things like
> these.
I use the following. I think it's secure, and if not please tell me. Surround it with
setfsuid(getuid()) // setfsuid(geteuid())
if you want the running user to make the file.
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

/* tmp_mkname() returns a fresh candidate name each call, e.g. /tmp/blahdesquiggle */
extern char *tmp_mkname(void);

int fd;
struct stat st, st2;

while(1)
{
    char *x=tmp_mkname(); /* /tmp/blahdesquiggle */
    /* O_CREAT|O_EXCL: fail rather than follow a symlink or reuse an existing file */
    fd=open(x, O_RDWR|O_EXCL|O_CREAT, 0600);
    if(fd==-1) /* Probably exists, don't touch it; try another name */
        continue;
    if(fstat(fd,&st)==-1) /* What we actually opened */
    {
        close(fd);
        continue; /* Huh ??? */
    }
    if(lstat(x,&st2)==-1) /* What the name points at now; not POSIX but who cares */
    {
        close(fd);
        continue;
    }
    if(st2.st_ino!=st.st_ino || st2.st_dev!=st.st_dev) /* Tut tut, slap wrist */
    {
        close(fd);
        continue;
    }
    if((st2.st_mode&S_IFMT)!=S_IFREG) /* Must be a file */
    {
        close(fd);
        continue;
    }
    break;
}
And then use fchown, fchmod etc., no path based calls. Unlinking is ok, you might delete a file someone has renamed in /tmp to your filename. I hope people use sticky /tmp's.
> named /etc/named.pid or /var/run/named.pid. Older versions also
> put their pid file in /usr/tmp, using fopen(...)
> to open it.
> However, debug information (named.run and named_dump.db)
> is written to /tmp or /var/tmp.
> elm uses mbox.<username>. If user joe doesn't have a .rhosts
> file, do this:
> ln -s ~joe/.rhosts /tmp/mbox.joe
> echo "localhost yourname" | rmail joe
> and wait for joe to read his mail. This works at least with
> elm 2.4.
Have these two been posted on to CERT and to Bugtraq and 8lgm? The ELM one is especially nasty.
Alan
[I have forwarded the elm one to bugtraq and DFNCERT. --okir]
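As an added illustration (not code from the thread), the following Python builds a private directory, plants a symlink at the name a program expects to create, and contrasts the naive "open for writing" of the period with the O_CREAT|O_EXCL plus fstat/lstat identity check Alan describes; the victim file, the link name and the directory are constructed for the demo.

```python
import os
import stat
import tempfile


def open_temp_safely(path):
    """Create `path` with O_CREAT|O_EXCL so an existing file or symlink makes
    open() fail, then confirm via fstat()/lstat() that the descriptor and the
    name refer to the same regular file. Returns an fd, or None on refusal."""
    try:
        fd = os.open(path, os.O_RDWR | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        return None  # something (file or symlink) already sits at that name
    try:
        st_fd = os.fstat(fd)      # what we actually opened
        st_name = os.lstat(path)  # what the name points at right now
    except OSError:
        os.close(fd)
        return None
    if (st_fd.st_dev, st_fd.st_ino) != (st_name.st_dev, st_name.st_ino) \
            or not stat.S_ISREG(st_name.st_mode):
        os.close(fd)
        return None
    return fd


def demo():
    """Constructed scenario: a symlink planted at the expected temp-file name
    points at a file that must not be clobbered. Reports what each approach did."""
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim")
        with open(victim, "w") as f:
            f.write("original contents\n")
        name = os.path.join(d, "selection.1234")  # constructed pid-style name
        os.symlink(victim, name)

        safe_fd = open_temp_safely(name)          # refused: name already taken
        after_safe = open(victim).read()

        with open(name, "w"):                     # naive fopen(name, "w") style
            pass                                  # follows the link, truncates victim
        after_naive = open(victim).read()

        os.unlink(name)
        ok_fd = open_temp_safely(name)            # free name: creation succeeds
        created = ok_fd is not None
        if created:
            os.close(ok_fd)
        return {"safe_refused": safe_fd is None, "victim_after_safe": after_safe,
                "victim_after_naive": after_naive, "created_when_free": created}
```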