[Radiance-dev] Security issue - Insecure use of files in /tmp

Gregory J. Ward gregoryjward at gmail.com
Sun Aug 17 08:30:21 PDT 2008


OK, so it sounds like we have consensus.  When I have some time, I'll  
work on applying the mktemp(1) utility to all the shell scripts, and  
check it in to CVS.  It might take a week or two for me to get to it.

-Greg

> From: Georg Mischler <schorsch at schorsch.com>
> Date: August 17, 2008 3:10:37 AM PDT
>
> Bernd Zeimetz wrote:
>
>> Hi Greg,
>>
>>> How do you create a file with an "unpredictable" name?  Why is this even
>>> an issue unless a script or program has the suid bit enabled?  Radiance
>>> programs should never have permission to do anything a user couldn't,
>>> unless they're being run by root.
>>
>> Files with an unpredictable and unique name are generated by using
>> random letters and numbers within the filename *and* - preferably in an
>> atomic way - create the file and open it for reading/writing.
>
> Please let's not advocate the "security through obscurity" snake
> oil here. Fortunately, mktemp(1) does indeed quite a bit better
> than that, and actually creates the file before anyone else can
> (presumably using mkstemp(3)). If the shell scripts can be fixed
> that way with reasonable effort, I'm all for it.
> In fact, this will make the scripts more secure (with regards to
> this specific, and for Radiance probably minor, aspect) than the
> few remaining mktemp(3) instances in the C code.
>
>
> -schorsch
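
The change discussed in this thread, sketched as an added example that is not part of the original messages or the Radiance sources: a predictable `/tmp` name next to its mktemp(1) replacement, plus a grep that finds the weak pattern in existing scripts. The names `make_tmpfile` and `find_predictable_tmp` and the sample script are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Radiance sources): predictable /tmp names vs mktemp(1).

# Weak pattern, shown only as a comment: the name is guessable from the PID and
# the redirect opens whatever already sits at that path, including a symlink.
#   tmp=/tmp/work$$; sort input > "$tmp"

# make_tmpfile PREFIX: atomically create a private temp file, print its path.
# mktemp creates the file itself and fails instead of reusing an existing path.
make_tmpfile() {
    mktemp "${TMPDIR:-/tmp}/$1.XXXXXX"
}

# find_predictable_tmp FILE...: print "line:text" for /tmp names built from $$.
find_predictable_tmp() {
    grep -n -E '/tmp/[^[:space:]"]*\$\$' "$@"
}

# Constructed sample script used to exercise the audit function.
sample=$(make_tmpfile sample) || exit 1
cat > "$sample" <<'EOF'
#!/bin/sh
tmp=/tmp/work$$
sort input > "$tmp"
safe=$(mktemp /tmp/work.XXXXXX) || exit 1
EOF

work=$(make_tmpfile work) || exit 1
trap 'rm -f "$sample" "$work"' EXIT   # remove temp files on exit

echo "created: $work ($(ls -l "$work" | cut -c1-10))"
echo "flagged lines in sample:"
find_predictable_tmp "$sample"
```

Checking the exit status of `mktemp` matters: if creation fails, the script should stop rather than continue with an empty path.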


