[2733] in bugtraq
Re: Publically writable directories
daemon@ATHENA.MIT.EDU (Brian Mitchell)
Mon Jun 17 22:46:02 1996
Date: Mon, 17 Jun 1996 22:22:44 -0400
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Brian Mitchell <brian@saturn.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <199606162032.VAA02680@server2.mersinet.co.uk>

On Sun, 16 Jun 1996, Neil Soveran-Charley wrote:
> >
> > Is there a safe way of opening a temporary file in a publically writable
> > directory as a normal user, given a system with symbolic links?
> > I'm even willing to assume a sticky bit on the directory.
> >
> > Main problem: How do I disallow a malicious
> >
> > $ ln -s /tmp/some.file $MYHOME/.somedotfile
> >
> > at the wrong times, without getting into race conditions?
>
> If the only user needing to access said file is the user creating it,
> then one solution is to make a dir for yourself in /tmp and put your
> files in there. Of course you need to make SURE that the directory gets
> created securely so as the above problems don't affect it. I'm sure in
> most situations this could be done easily enough though...

In that case, would you not be better off making the tmp dir in $HOME
instead of /tmp? Assuming home dir permissions aren't totally insane,
that should solve most of your problems.

Brian Mitchell brian@saturn.net
Unix Security / Perl / WWW / CGI http://www.saturn.net/~brian
"I never give them hell. I just tell the truth and they think it's hell"
- H. Truman
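
An added example, not part of either poster's message: one way to create the private scratch directory discussed above "securely", then create a file inside it without a check-then-open race. The function names `private_dir` and `create_scratch` are hypothetical; the directory path is supplied by the caller (under $HOME or /tmp).

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create `dir` with mode 0700, or accept an existing one only if it is a
 * real directory (not a symlink), owned by us, with no group/other access.
 * Returns 0 if the directory is safe to use, -1 if it must be refused. */
int private_dir(const char *dir)
{
    struct stat st;

    /* mkdir never follows a symlink at the final component; it fails
     * with EEXIST if anything already has that name. */
    if (mkdir(dir, 0700) != 0 && errno != EEXIST)
        return -1;
    /* lstat, not stat: a symlink planted at this name must be seen as
     * a symlink rather than as whatever it points to. */
    if (lstat(dir, &st) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode) || st.st_uid != geteuid())
        return -1;
    if (st.st_mode & (S_IRWXG | S_IRWXO))
        return -1;
    return 0;
}

/* Create a new file inside the private directory. O_CREAT|O_EXCL makes
 * "does it exist?" and "create it" a single atomic step, and fails with
 * EEXIST if the name is already taken, including by a symlink.
 * Returns an open descriptor, or -1. */
int create_scratch(const char *dir, const char *name)
{
    char path[4096];
    int n = snprintf(path, sizeof path, "%s/%s", dir, name);

    if (n < 0 || (size_t)n >= sizeof path)
        return -1;
    if (private_dir(dir) != 0)
        return -1;
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}
```
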