[5596] in bugtraq
Re: Safe /tmp cleanup
daemon@ATHENA.MIT.EDU (Erik Troan)
Fri Nov 14 01:23:48 1997
Date: Thu, 13 Nov 1997 22:06:11 -0500
Reply-To: Erik Troan <ewt@redhat.com>
From: Erik Troan <ewt@REDHAT.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199711131648.KAA08976@l-ecn069.icaen.uiowa.edu>

On Thu, 13 Nov 1997 dsiebert@ICAEN.UIOWA.EDU wrote:
> It "checks for directoriness", and if it is a directory it chdir's into it.
> This does not do anything at all to prevent someone changing the name which
> used to be a directory into a link to somewhere else in the meantime. You
> have to assume an attacker can make your Perl script run arbitrarily slow
> (not like this is hard with Perl in the first place) and therefore can do
> bad things in between the lstat and the chdir. The modification to the
> GNU find I wrote (hopefully) catches any such possible attack. I have not
> looked at the RedHat thing Steven mentions, so I can't comment on how well
> it does in this regard.

The "Red Hat thing" (I like the phrase, so I thought I'd quote it) does
indeed check to make sure it chdir()ed into the place it expected to via
st_dev and st_ino information.

While you can certainly do something just like this with perl, I wrote
the tmpwatch Red Hat uses in C because we don't like putting basic
system components in perl (or python, or tcl...). I don't feel like
arguing about perl, it's just a decision to keep a minimal Red Hat system
as small as possible.

tmpwatch is GPLed, in case anyone else cares to look at it.

Erik
-------------------------------------------------------------------------------
| "For the next two hours, VH1 will be filled with foul-mouthed, |
| crossdressing Australians. Viewer discretion is advised." |
| |
| Erik Troan = ewt@redhat.com = ewt@sunsite.unc.edu |
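
The check described in the reply above (confirming through st_dev and st_ino that the chdir() landed where expected), as an added C example; it is not tmpwatch's code and not part of the original post. The names safe_chdir, cwd_matches and demo, the use of fchdir() to get back after a mismatch, and the /tmp/chdir-demo-* scratch tree are assumptions of this example.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if the current directory is the object `expected` describes. */
static int cwd_matches(const struct stat *expected)
{
    struct stat here;
    if (stat(".", &here) != 0) return 0;
    return here.st_dev == expected->st_dev && here.st_ino == expected->st_ino;
}

/* 0 = now inside the directory lstat() saw; -1 = refused, still in the
 * starting directory; -2 = refused and could not get back (caller must stop). */
int safe_chdir(const char *name)
{
    struct stat before;
    int start, rc = 0;
    if (lstat(name, &before) != 0 || !S_ISDIR(before.st_mode))
        return -1;                       /* missing, symlink or plain file */
    if ((start = open(".", O_RDONLY)) < 0)
        return -1;
    /* Race window: `name` can be swapped for a symlink right here. */
    if (chdir(name) != 0 || !cwd_matches(&before))
        rc = fchdir(start) == 0 ? -1 : -2;
    close(start);
    return rc;
}

/* Constructed scenario: dirs "a" and "b", symlink "l" -> "b". Returns a bitmask. */
int demo(void)
{
    char top[] = "/tmp/chdir-demo-XXXXXX";
    struct stat a;
    int r = 0;
    if (!mkdtemp(top) || chdir(top) != 0) return -1;
    if (mkdir("a", 0700) || mkdir("b", 0700) || symlink("b", "l")) return -1;
    if (safe_chdir("a") == 0 && chdir("..") == 0) r |= 1;  /* real dir accepted */
    if (safe_chdir("l") == -1) r |= 2;                     /* symlink refused */
    /* Simulated swap: lstat() saw "a", but the chdir() landed in "b". */
    if (lstat("a", &a) == 0 && chdir("b") == 0 && !cwd_matches(&a)) r |= 4;
    if (chdir(top) == 0) { unlink("l"); rmdir("a"); rmdir("b"); }
    if (chdir("/") == 0) rmdir(top);
    return r;
}

int main(void) { return demo() == 7 ? 0 : 1; }
```

The third case in demo() stands in for the race: the identity recorded by lstat() no longer matches the directory the process is in, so the comparison fails even though the chdir() itself succeeded.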