[2729] in bugtraq
Re: Publically writable directories
daemon@ATHENA.MIT.EDU (Bill Pemberton)
Mon Jun 17 17:43:29 1996
Date: Mon, 17 Jun 1996 09:06:09 -0400
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Bill Pemberton <wfp5p@tigger.itc.virginia.edu>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <199606161630.SAA20804@mvmap66.ciw.uni-karlsruhe.de> from "Thomas
Koenig" at Jun 16, 1996 06:30:50 PM
Thomas Koenig writes:
>
> Is there a safe way of opening a temporary file in a publically writable
> directory as a normal user, given a system with symbolic links?
> I'm even willing to assume a sticky bit on the directory.
>
> Main problem: How do I disallow a malicious
>
> $ ln -s /tmp/some.file $MYHOME/.somedotfile
>
> at the wrong times, without getting into race conditions?
>
You need to open it like so:
    fp_handle = open(fname, O_RDWR|O_CREAT|O_EXCL, 0600);
The open() call does not follow symlinks.
--
Bill Pemberton wfp5p@virginia.edu
ITC/Unix Systems flash@virginia.edu
University of Virginia uunet!virginia!wfp5p
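
Added example, not part of the original message or the poster's code: a C program that plants a dangling symlink in a private scratch directory and compares the O_CREAT|O_EXCL call above with O_CREAT alone. The names create_exclusive, run_demo and the excl-demo paths are made up for illustration; it relies on the POSIX rule that O_CREAT|O_EXCL fails with EEXIST when the path is a symbolic link.

```c
#define _XOPEN_SOURCE 700   /* for mkdtemp() and symlink() */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

struct demo_result {
    int excl_errno;        /* errno from O_CREAT|O_EXCL on the planted symlink */
    int excl_made_target;  /* 1 if that attempt created the link's target */
    int plain_made_target; /* 1 if O_CREAT without O_EXCL created the target */
};

/* The call from the message: create the file or fail, never reuse a name. */
int create_exclusive(const char *path)
{
    return open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
}

struct demo_result run_demo(void)
{
    struct demo_result r = { 0, 0, 0 };
    char dir[] = "/tmp/excl-demo-XXXXXX";     /* constructed scratch directory */
    char name[64], target[64];                /* constructed file names */
    int fd;

    if (mkdtemp(dir) == NULL) return r;
    snprintf(name, sizeof name, "%s/some.file", dir);
    snprintf(target, sizeof target, "%s/dotfile", dir);
    if (symlink(target, name) != 0) { rmdir(dir); return r; } /* dangling link */

    errno = 0;
    fd = create_exclusive(name);              /* expected: -1, errno EEXIST */
    r.excl_errno = errno;
    if (fd >= 0) close(fd);
    r.excl_made_target = (access(target, F_OK) == 0);

    fd = open(name, O_RDWR | O_CREAT, 0600);  /* contrast: follows the link */
    if (fd >= 0) close(fd);
    r.plain_made_target = (access(target, F_OK) == 0);
    unlink(name); unlink(target); rmdir(dir);
    return r;
}

int main(void)
{
    struct demo_result r = run_demo();
    printf("excl: errno=%d target=%d; plain: target=%d\n",
           r.excl_errno, r.excl_made_target, r.plain_made_target);
    return (r.excl_errno == EEXIST && !r.excl_made_target) ? 0 : 1;
}
```

On EEXIST the caller should pick a different name and try again rather than removing the existing entry.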