Date: Thu, 18 Apr 2002 21:37:42 +0100
From: Ceri Davies <setantae@submonkey.net>
To: Thomas Cannon <tcannon@noops.org>
Cc: freebsd-questions@FreeBSD.ORG, security-officer@freebsd.org
Subject: Re: I think this could be better
Message-ID: <20020418203742.GA10603@submonkey.net>
In-Reply-To: <20020418121731.O4793-100000@stereophonic.noops.org>
References: <20020418121731.O4793-100000@stereophonic.noops.org>
On Thu, Apr 18, 2002 at 01:03:54PM -0700, Thomas Cannon wrote:
> I just did a "make world" and noticed this go zipping by:
>
> mkdir -p /tmp/install.33931
> for prog in [ awk cat chflags chmod chown date echo egrep find grep ln
> make makewhatis mtree mv perl rm sed sh sysctl test true uname wc zic; do
> cp `which $prog` /tmp/install.33931; done
>
> I killed it and took a look around and saw that yes, indeed, we're
> running (via make) a shell script (as root) that makes temporary files in
> a world-writable directory, without checking to see if it exists first, with
> a predictable name. Then it indiscriminately deletes all of it.
While you're probably right to be concerned at the use of a PID as a temporary
filename, in this instance I'm not sure it's so terrible:
{setantae@rhadamanth}-{/tmp} $ ln -s /etc.old/passwd install.35223
{setantae@rhadamanth}-{/tmp} # ls -l
total 154
-r--r--r-- 1 root wheel 11 Apr 18 17:00 .X0-lock
drwxrwxrwt 2 root wheel 512 Apr 18 17:00 .X11-unix
-rw-r--r-- 1 setantae wheel 149989 Apr 18 21:03 foo
lrwxr-xr-x 1 setantae wheel 15 Apr 18 21:26 install.35223 -> /etc.old/passwd
-rw-r--r-- 1 rasputin wheel 37 Apr 18 17:24 wtf
{setantae@rhadamanth}-{/tmp} $ su
Password:
{root@rhadamanth}-{/tmp} # mkdir -p install.35223
mkdir: install.35223: Permission denied
{root@rhadamanth}-{/tmp} #
> I could very easily be missing something. It frequently happens. I feel
> like I must be, as I'd expect developers to be more prudent and use a
> non-public temporary space just out of reflex. Is there some safety check
> that I'm not seeing?
I don't know if the above does actually mean that this is safe or not, but
it would be nice if we could avoid using a process id as a temporary filename.
An easy idea would be something like:
{setantae@rhadamanth}-{~} $ echo $$ `date -ju +%s` |md5
cc6de3ce1ec7064221d8495c2d74e9f4
but that's only unique once per second.
Ceri
--
get the cool shoe shine
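The two points raised in this thread (a PID-named directory under world-writable /tmp, and whether a pre-planted symlink really stops `mkdir -p`) can be checked directly. The script below is an added example, not code from the thread or from the FreeBSD build; it assumes a POSIX sh with mktemp(1) and works only inside scratch directories it creates itself. The helper `is_private_dir` is the check a consumer of a temporary directory wants before writing into it, `make_private_tmpdir` shows the mktemp(1) alternative to a predictable name, and `mkdir_p_vs_planted_symlink` repeats Ceri's experiment with the symlink pointing at a directory rather than a file, where `mkdir -p` does not object.

```shell
#!/bin/sh
# Added example, not code from the thread or from the FreeBSD build.
# Assumes POSIX sh with mktemp(1); every path used is a scratch path
# created by this script.

# Returns 0 only if $1 is a real directory (not a symlink) owned by the
# caller. This is the check to run before trusting a temp directory.
is_private_dir() {
    [ ! -L "$1" ] && [ -d "$1" ] && [ -O "$1" ]
}

# Safe pattern: mktemp -d picks an unpredictable name and creates the
# directory atomically with mode 0700, so a pre-planted name cannot be
# guessed in advance; the result is verified anyway before use.
make_private_tmpdir() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/install.XXXXXXXXXX") || return 1
    if ! is_private_dir "$dir"; then
        rmdir "$dir" 2>/dev/null
        return 1
    fi
    printf '%s\n' "$dir"
}

# Repeats Ceri's experiment in a scratch directory, but with the planted
# symlink pointing at a directory. Prints "mkdir-succeeded" or
# "mkdir-failed" and returns 0 only if is_private_dir rejected the path,
# whatever mkdir -p itself decided.
mkdir_p_vs_planted_symlink() {
    scratch=$(mktemp -d "${TMPDIR:-/tmp}/demo.XXXXXXXXXX") || return 1
    target="$scratch/elsewhere"       # constructed stand-in for a directory the script did not choose
    mkdir "$target"
    planted="$scratch/install.12345"  # constructed PID-style predictable name
    ln -s "$target" "$planted"
    # mkdir -p stats through the symlink, finds a directory, and stays quiet.
    if mkdir -p "$planted" 2>/dev/null; then
        echo "mkdir-succeeded"
    else
        echo "mkdir-failed"
    fi
    if is_private_dir "$planted"; then rc=0; else rc=1; fi
    rm -rf "$scratch"
    [ "$rc" -ne 0 ]
}
```

Run `make_private_tmpdir` to obtain a directory and `mkdir_p_vs_planted_symlink` to see why a single "Permission denied" does not prove the PID scheme safe: the exit status of `mkdir -p` depends on what the symlink points at, whereas the `-L` test in `is_private_dir` rejects the planted entry regardless.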
