[2728] in bugtraq


Re: Publically writable directories

daemon@ATHENA.MIT.EDU (Neil Soveran-Charley)
Mon Jun 17 17:14:33 1996

Date: 	Sun, 16 Jun 1996 21:32:55 +0100
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Neil Soveran-Charley <athan@mersinet.co.uk>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To:  <199606161630.SAA20804@mvmap66.ciw.uni-karlsruhe.de> from "Thomas
              Koenig" at Jun 16, 96 06:30:50 pm

>
> Is there a safe way of opening a temporary file in a publically writable
> directory as a normal user, given a system with symbolic links?
> I'm even willing to assume a sticky bit on the directory.
>
> Main problem: How do I disallow a malicious
>
> $ ln -s /tmp/some.file $MYHOME/.somedotfile
>
> at the wrong times, without getting into race conditions?

  If the only user needing to access said file is the user creating it,
then one solution is to make a dir for yourself in /tmp and put your
files in there. Of course you need to make SURE that the directory gets
created securely so as the above problems don't affect it. I'm sure in
most situations this could be done easily enough though...

-Neil
--
**************************************************************************
* Neil Soveran-Charley, System Administrator, Mersinet Internet Services *
* Email: N.P.Soveran-Charley@mersinet.co.uk                              *
**************************************************************************
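
One way to create the per-user directory the reply describes, as an added example that is not part of the original message. It assumes a POSIX.1-2008 system (mkdtemp, openat, O_NOFOLLOW); the function names and the /tmp/example.XXXXXX template are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a private directory from a template such as "/tmp/app.XXXXXX".
 * mkdtemp() creates it with mkdir(), which fails on an existing name
 * (a symlink included) rather than following it. Returns a dir fd or -1. */
int make_private_dir(char *tmpl)
{
    struct stat st;
    int dfd;

    if (mkdtemp(tmpl) == NULL)              /* requested mode is 0700 */
        return -1;
    dfd = open(tmpl, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (dfd < 0)
        return -1;
    /* Check the object we hold: a directory, ours, no group/other bits. */
    if (fstat(dfd, &st) != 0 || !S_ISDIR(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & 077) != 0) {
        close(dfd);
        return -1;
    }
    return dfd;
}

/* Create a new file relative to the directory fd, not by re-walking /tmp.
 * O_CREAT|O_EXCL fails if the name already exists, including as a symlink. */
int create_private_file(int dfd, const char *name)
{
    return openat(dfd, name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

int main(void)
{
    char tmpl[] = "/tmp/example.XXXXXX";    /* constructed sample path */
    int dfd = make_private_dir(tmpl);
    int fd = dfd < 0 ? -1 : create_private_file(dfd, "scratch");

    if (fd < 0) { perror("private temp file"); return 1; }
    printf("created %s/scratch\n", tmpl);
    close(fd);
    unlinkat(dfd, "scratch", 0);            /* clean up the sample file */
    close(dfd);
    return rmdir(tmpl) == 0 ? 0 : 1;
}
```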
