[18053] in bugtraq
Re: [hacksware]Pine temporary file hijacking vulnerability
daemon@ATHENA.MIT.EDU (Ryan W. Maple)
Wed Dec 13 20:43:44 2000
Message-Id:  <Pine.LNX.4.10.10012122129220.16804-100000@mastermind.inside.guardiandigital.com>
Date:         Tue, 12 Dec 2000 21:30:41 -0500
Reply-To: "Ryan W. Maple" <ryan@GUARDIANDIGITAL.COM>
From: "Ryan W. Maple" <ryan@GUARDIANDIGITAL.COM>
X-To:         Thomas Corriher <corriher@bellsouth.net>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.LNX.4.21.0012111647190.3607-100000@desktop.ast>
I do not really think the problem is this.  /tmp is there for a reason,
and I don't really find any fault in vendors/developers for using it
accordingly.
I think the real problem here is the use of '$$' in temporary file
creation.  mkstemp(3) is there for a reason:
NAME
       mkstemp - create a unique temporary file
Just my $.02. :)
Cheers,
Ryan
 +-- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --+
   Ryan W. Maple          "I dunno, I dream in Perl sometimes..."  -LW
   Guardian Digital, Inc.                     ryan@guardiandigital.com
 +-- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --+
On Mon, 11 Dec 2000, Thomas Corriher wrote:
> So many of these problems would just disappear if the
> system's default profile had something like "$TMPDIR=$HOME"
> or "$TMPDIR=$HOME/tmp".  Pine is not really the problem.
> Poorly configured systems are the problem.  Linux
> distributors: are you paying attention?  Why should all
> users be given full access to any directory; especially if
> most programs are designed to use that directory by default?
> It is time that we wake up certain corporations and software
> distribution companies.  This sloppiness should not be
> tolerated.
>
> This type of problem appears again, and again, and again; yet
> these problems could be fixed with a one-liner.  Oh the insanity!
>
> I am not even an expert on security matters, but I do know enough
> about the basics to realize that many default configurations are
> incredibly stupid.
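The two points made in this thread, Ryan's (replace `$$`-derived names with mkstemp(3)) and Thomas's (honor `$TMPDIR`), as an added C example that is not part of the thread or of Pine's source. The `pine-` prefix and the helper names are assumptions; the predictable-name helper is shown only to contrast it with the mkstemp(3) version.

```c
#define _XOPEN_SOURCE 700          /* for mkstemp(3) and fstat(2) */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* The pattern the thread objects to: a name built from "$$" (the PID).
 * The PID is guessable, and a later open(O_CREAT) follows whatever already
 * sits at that path, so the file can be hijacked. */
int build_predictable_name(char *buf, size_t len)
{
    return snprintf(buf, len, "/tmp/pine-%ld", (long)getpid());
}

/* The mkstemp(3) alternative.  Honors $TMPDIR (falling back to /tmp), then
 * lets mkstemp pick the suffix and create the file atomically with
 * O_CREAT|O_EXCL and mode 0600.  Returns an open fd or -1; on success `path`
 * holds the name actually created (the XXXXXX is replaced in place). */
int open_private_tempfile(char *path, size_t len)
{
    const char *dir = getenv("TMPDIR");
    if (dir == NULL || *dir == '\0')
        dir = "/tmp";
    if (snprintf(path, len, "%s/pine-XXXXXX", dir) >= (int)len)
        return -1;                 /* name would not fit in the buffer */
    return mkstemp(path);          /* -1 on failure, errno set */
}

/* Post-creation check on the descriptor, not the path (checking the path
 * again would reopen a time-of-check/time-of-use window). */
int tempfile_is_private(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return 0;
    return S_ISREG(st.st_mode) && st.st_uid == getuid()
        && (st.st_mode & 0777) == 0600;
}

int main(void)
{
    char path[4096];
    int fd = open_private_tempfile(path, sizeof path);
    if (fd < 0) { perror("mkstemp"); return 1; }
    printf("%s private=%d\n", path, tempfile_is_private(fd));
    close(fd);
    unlink(path);                  /* demo only: remove the file again */
    return 0;
}
```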