[2730] in bugtraq
Re: Publically writable directories
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Mon Jun 17 18:10:12 1996
Date: Mon, 17 Jun 1996 11:34:20 -0400
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Valdis.Kletnieks@vt.edu
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: Your message of "Sun, 16 Jun 1996 18:30:50 +0200."
<199606161630.SAA20804@mvmap66.ciw.uni-karlsruhe.de>
On Sun, 16 Jun 1996 18:30:50 +0200, you said:
> Is there a safe way of opening a temporary file in a publically writable
> directory as a normal user, given a system with symbolic links?
> I'm even willing to assume a sticky bit on the directory.
>
> Main problem: How do I disallow a malicious
>
> $ ln -s /tmp/some.file $MYHOME/.somedotfile
>
> at the wrong times, without getting into race conditions?
I'm not sure which you are asking for.
Is it "how does a set-UID program properly test that $MYHOME/.somedotfile
is in fact owned by the right user, and not a link to something it shouldn't be"
or are you asking "If $MYHOME is world-writeable, how do I prevent people
from putting in malicious symlinks?".
If it is the latter, note that symlinks aren't needed - you can just 'cp' in
whatever malicious .somedotfile you want. You have bigger problems than
symlinks ;)
If it is the former, I'd say it is the program's responsibility to verify
the contents of a .dotfile. Personally, I usually open() the file, then
fstat() the file descriptor, and verify that what I opened was what I wanted
to open (check ownerships, permissions, major/minor/inode numbers, etc).
And then of course sanity-check the contents as appropriate for the program.
--
Valdis Kletnieks
Computer Systems Engineer
Virginia Tech
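The open()-then-fstat() check described in the reply above, as an added example that is not part of the original message. The helper name `open_verified` and the exact policy (single hard link, no group/other write bits, dev/inode compared against an earlier lstat()) are assumptions chosen for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not from the post): open `path` read-only and return
 * the descriptor only if the object actually opened is a regular file owned
 * by `owner`, not writable by group/other, with a single link, and is the
 * same dev/inode that lstat() saw. Returns -1 on any mismatch. */
int open_verified(const char *path, uid_t owner)
{
    struct stat before, after;

    /* lstat() does not follow a final symlink, so a link is rejected here. */
    if (lstat(path, &before) != 0 || !S_ISREG(before.st_mode))
        return -1;

    /* O_NONBLOCK: do not hang if the name is swapped for a FIFO. */
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return -1;

    /* All decisions below use the descriptor, not the name, so a later
     * rename or relink of `path` cannot change what was checked. */
    if (fstat(fd, &after) != 0 ||
        !S_ISREG(after.st_mode) ||
        after.st_dev != before.st_dev ||      /* same device ...            */
        after.st_ino != before.st_ino ||      /* ... and same inode as seen */
        after.st_uid != owner ||
        after.st_nlink != 1 ||                /* no extra hard links        */
        (after.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s FILE\n", argv[0]); return 2; }
    int fd = open_verified(argv[1], getuid());
    puts(fd >= 0 ? "ok: file matches expectations" : "rejected");
    if (fd >= 0) close(fd);
    return fd >= 0 ? 0 : 1;
}
```

The caller should read the file through the returned descriptor only, and still sanity-check the contents as the reply says.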