[2191] in bugtraq
Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10
daemon@ATHENA.MIT.EDU (Vic Abell)
Fri Sep 1 03:58:31 1995
Date: Wed, 30 Aug 1995 07:29:50 -0500
Reply-To: abe@cc.purdue.edu
From: Vic Abell <abe@vic.cc.purdue.edu>
X-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: Your message of Tue, 29 Aug 95 14:08:28 +0100.
<Pine.A32.3.91.950829135918.21783C-100000@haddock.saa-cons.co.uk>
In message <Pine.A32.3.91.950829135918.21783C-100000@haddock.saa-cons.co.uk> you write:
>
>On Fri, 25 Aug 1995, Darren Reed wrote:
>
>> People designing setuid-root programs or programs in general which perform
>> privileged operations and need temporary files should consider using a
>> non-public access directory as the temp. file location.
>
>What about using the tempnam() call? Maybe it's not available on all
>platforms although it is on AIX, SCO and HP-UX, so I'd have thought it
>would be.
>
>Do you feel that the randomness of the filenames this returns is not
>random enough? Or is it that the very nature of a file that the world can
>get at is the security threat, no matter what permissions are in
>existence. I'd have thought that having /tmp mode 1777, using tempnam()
>to get the file name, and creating this file in mode 0600 would be
>sufficient.

In the case of lsof, randomness is undesirable. The whole point
of having a device cache file is so every use of lsof by anyone
can take advantage of it. Hence a known path name is necessary.
The file also needs to be world writable so that an lsof, running
under any UID, can rewrite it, should the file become corrupt or
should /dev (or /devices) change.

Of course, if you're talking about temporary files in the general
case, then my comments probably don't apply. :-)

Vic Abell
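
The general-case scheme raised in the quoted question (a file created mode 0600 under a mode 1777 /tmp), as an added example that is not part of the original message or of lsof: the file is created with O_CREAT|O_EXCL so that an entry already present at the chosen name is refused rather than opened, whether the name came from tempnam() or is fixed. The function names, the scratch directory and the file names are hypothetical and constructed for the example.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create `path` for private use; returns an fd, or -1 with errno set.
 * Safety rests on O_EXCL and the mode, not on the name being hard to guess. */
int create_private(const char *path)
{
    struct stat st;
    /* Fails with EEXIST if anything, a symbolic link included, is at `path`. */
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    /* Confirm what we hold: regular file, ours, no group/other bits. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & 077) != 0) {
        close(fd);
        unlink(path);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed self-check in a scratch directory; returns 0 on success. */
int demo(void)
{
    char dir[] = "/tmp/excl-demo-XXXXXX", a[64], b[64], c[64];
    int fd, ok = 1;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(a, sizeof a, "%s/fresh", dir);
    snprintf(b, sizeof b, "%s/other", dir);
    snprintf(c, sizeof c, "%s/link", dir);
    fd = create_private(a);                          /* new name: succeeds */
    ok &= fd >= 0;
    if (fd >= 0) close(fd);
    ok &= create_private(a) < 0 && errno == EEXIST;  /* name already taken */
    ok &= symlink(b, c) == 0;                        /* entry present first */
    ok &= create_private(c) < 0 && errno == EEXIST;  /* link is not followed */
    ok &= access(b, F_OK) != 0;                      /* target never created */
    unlink(a); unlink(c); rmdir(dir);
    return ok ? 0 : 1;
}

int main(void) { return demo(); }
```

This covers only the private temporary file case; a shared cache at a known, world-writable path, as described for lsof above, cannot use exclusive creation and has to treat the file's contents as untrusted input.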