[Radiance-dev] Security issue - Insecure use of files in /tmp
Georg Mischler
schorsch at schorsch.com
Sun Aug 17 03:10:37 PDT 2008
Bernd Zeimetz wrote:
> Hi Greg,
>
>> How do you create a file with an "unpredictable" name? Why is this even
>> an issue unless a script or program has the suid bit enabled? Radiance
>> programs should never have permission to do anything a user couldn't,
>> unless they're being run by root.
>
> Files with an unpredictable and unique name are generated by using
> random letters and numbers within the filename *and* - preferably in an
> atomic way - creating the file and opening it for reading/writing.
Please let's not advocate the "security through obscurity" snake
oil here. Fortunately, mktemp(1) does indeed do quite a bit better
than that, and actually creates the file before anyone else can
(presumably using mkstemp(3)). If the shell scripts can be fixed
that way with reasonable effort, I'm all for it.
In fact, this will make the scripts more secure (with regard to
this specific, and for Radiance probably minor, aspect) than the
few remaining mktemp(3) instances in the C code.
-schorsch
--
Georg Mischler -- simulations developer -- schorsch at schorsch com
+schorsch.com+ -- lighting design tools -- http://www.schorsch.com/
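As an added illustration of the mkstemp(3) pattern Georg refers to (example code written for this archive page, not Radiance's own; the rad.XXXXXX prefix and the function names are my own choice), this creates the temp file in one exclusive step and checks the properties that make it safe against pre-planted files in /tmp:

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a unique file under dir and write its final path into pathbuf.
 * Returns an open descriptor, or -1 with errno set.  mkstemp(3) picks
 * the name AND creates the file in one O_CREAT|O_EXCL step, so there is
 * no window in which another process can plant a file or symlink there. */
int secure_tmpfile(const char *dir, char *pathbuf, size_t buflen)
{
    int n = snprintf(pathbuf, buflen, "%s/rad.XXXXXX", dir);  /* assumed prefix */
    if (n < 0 || (size_t)n >= buflen) {
        errno = ENAMETOOLONG;
        return -1;
    }
    return mkstemp(pathbuf);  /* replaces XXXXXX; file is created mode 0600 */
}

/* Sanity check on the result: a regular file, one link, owner-only access. */
int is_private_regular_file(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return 0;
    return S_ISREG(st.st_mode) && (st.st_mode & 0777) == 0600 && st.st_nlink == 1;
}

/* The property that closes the race: an exclusive create is refused when
 * anything already sits at path.  Code that first computes a name
 * (mktemp(3) style) and only later opens it without O_EXCL lacks this.
 * Returns 1 if refused because the path existed, 0 if it was created
 * (and then removed again). */
int exclusive_create_refused(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) {
        close(fd);
        unlink(path);
        return 0;
    }
    return errno == EEXIST;
}
```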