
[FWP] Re: Puzzle - Temp file creation



On 14 July 99, Brian L. Matthews wrote:
> Hope your scripts are never run under modperl or the like, or you never
> want to create more than one temp file in a script. And that *every other
> script* that could be running on the same machine is well-behaved.

And the most important condition: that nobody is being malicious.

Many many programs are vulnerable to attacks that look something like:
for ($pid = $$+10; $pid < $$+100; $pid++) {
  for ($time = time(); $time < time() + 60; $time++) {
    link "/important/file/attackee/has/write/access/to","/tmp/tmp.$pid.$time";
  }
}

and waiting for the user to run the program.  If it's setuid, you don't
even have to wait, you can run it - but even if it isn't, you only have to
do this at the right time *once*.
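
The defence against the pre-planted link described above is to create the temp file exclusively, or to let File::Temp do it. The following is an added example, not part of the original message; the sandbox directory, the file names and the helpers naive_create and exclusive_create are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: predictable-name temp file creation compared with an
# exclusive create, run against a link planted in a private sandbox.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir tempfile);

# Constructed sandbox standing in for /tmp and for the file at risk.
my $dir    = tempdir(CLEANUP => 1);
my $target = "$dir/important";
open(my $t, '>', $target) or die "setup: $!";
print {$t} "precious data\n";
close $t;

# The name a naive program would choose: guessable from PID and time.
my $predictable = "$dir/tmp.$$." . time();
link($target, $predictable) or die "link: $!";   # pre-planted, as in the post

# Weak: plain open() reuses the existing name and truncates the target.
sub naive_create {
    my ($path) = @_;
    open(my $fh, '>', $path) or return;
    return $fh;
}

# Hardened: O_EXCL makes the create fail if the name already exists
# (file, hard link or symlink), so a planted name is refused, not reused.
sub exclusive_create {
    my ($path) = @_;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600) or return;
    return $fh;
}

my $fh = exclusive_create($predictable);
print "exclusive create: ", ($fh ? "opened" : "refused ($!)"), "\n";

# Preferred: File::Temp picks an unpredictable name and opens it with O_EXCL.
my ($safe_fh, $safe_name) = tempfile('tmpXXXXXXXX', DIR => $dir);
print "File::Temp created: $safe_name\n";

# Run the weak version last to show what it does to the linked file.
my $nfh = naive_create($predictable);
close $nfh if $nfh;
print "target size after naive open: ", (stat $target)[7], " bytes\n";
```

The exclusive create reports "File exists" for the planted name, while the plain open() leaves the linked file at 0 bytes.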

