From owner-freebsd-questions Thu Apr 18 13:38:11 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from rhadamanth.submonkey.net (pc4-card4-0-cust162.cdf.cable.ntl.com [80.4.14.162]) by hub.freebsd.org (Postfix) with ESMTP id DF67E37B400; Thu, 18 Apr 2002 13:38:00 -0700 (PDT)
Received: from setantae by rhadamanth.submonkey.net with local (Exim 3.35 #1) id 16yIf0-0002pg-00; Thu, 18 Apr 2002 21:37:42 +0100
Date: Thu, 18 Apr 2002 21:37:42 +0100
From: Ceri Davies
To: Thomas Cannon
Cc: freebsd-questions@FreeBSD.ORG, security-officer@freebsd.org
Subject: Re: I think this could be better
Message-ID: <20020418203742.GA10603@submonkey.net>
Mail-Followup-To: Ceri Davies, Thomas Cannon, freebsd-questions@FreeBSD.ORG, security-officer@freebsd.org
References: <20020418121731.O4793-100000@stereophonic.noops.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020418121731.O4793-100000@stereophonic.noops.org>
User-Agent: Mutt/1.3.28i
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

On Thu, Apr 18, 2002 at 01:03:54PM -0700, Thomas Cannon wrote:
> I just did a "make world" and noticed this go zipping by:
>
> mkdir -p /tmp/install.33931
> for prog in [ awk cat chflags chmod chown date echo egrep find grep ln
> make makewhatis mtree mv perl rm sed sh sysctl test true uname wc zic; do
> cp `which $prog` /tmp/install.33931; done
>
> I killed it and took a look around and saw that yes, indeed, we're
> running (via make) a shell script (as root) that makes temporary files in
> a world-writable directory, without checking to see if it exists first, with
> a predictable name. Then it indiscriminately deletes all of it.
While you're probably right to be concerned at use of a PID as a temporary
filename, in this instance I'm not sure it's so terrible :

{setantae@rhadamanth}-{/tmp} $ ln -s /etc.old/passwd install.35223
{setantae@rhadamanth}-{/tmp} # ls -l
total 154
-r--r--r--  1 root      wheel      11 Apr 18 17:00 .X0-lock
drwxrwxrwt  2 root      wheel     512 Apr 18 17:00 .X11-unix
-rw-r--r--  1 setantae  wheel  149989 Apr 18 21:03 foo
lrwxr-xr-x  1 setantae  wheel      15 Apr 18 21:26 install.35223 -> /etc.old/passwd
-rw-r--r--  1 rasputin  wheel      37 Apr 18 17:24 wtf
{setantae@rhadamanth}-{/tmp} $ su
Password:
{root@rhadamanth}-{/tmp} # mkdir -p install.35223
mkdir: install.35223: Permission denied
{root@rhadamanth}-{/tmp} #

> I could very easily be missing something. It frequently happens. I feel
> like I must be, as I'd expect developers to be more prudent and use a
> non-public temporary space just out of reflex. Is there some safety check
> that I'm not seeing?

I don't know if the above does actually mean that this is safe or not, but
it would be nice if we could avoid using a process id as a temporary
filename. Easy idea would be something like :

{setantae@rhadamanth}-{~} $ echo $$ `date -ju +%s` |md5
cc6de3ce1ec7064221d8495c2d74e9f4

but that's only unique once per second.

Ceri

--
get the cool shoe shine

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
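The race the thread is arguing about, reproduced in a private sandbox as an added example (this is not code from the original mail or from the FreeBSD build system). Ceri's test pointed the planted symlink at a file, so mkdir -p failed; the case that actually bites is a symlink pointing at an existing directory, because mkdir -p treats "already exists and is a directory" as success and stat() follows the symlink, so root's subsequent cp lands in the attacker's chosen directory. The script contrasts that with plain mkdir (which fails atomically with EEXIST on the planted name) and with mktemp -d (unpredictable name, created 0700 in one step). All paths are constructed: $SANDBOX/tmp stands in for /tmp, $SANDBOX/etc for a directory only root should write to, a dummy file stands in for `which awk`, and the numeric argument stands in for $$ so the run is reproducible. It assumes POSIX sh plus mkdir, ln, cp and mktemp(1); nothing touches the real /tmp.

```shell
#!/bin/sh
# Added example: the predictable-tmp-name race in a sandbox. Assumptions:
# POSIX sh, mkdir/ln/cp/mktemp available, a writable $TMPDIR or /tmp.

SANDBOX=$(mktemp -d) || exit 1
WORLD_TMP="$SANDBOX/tmp"      # constructed stand-in for the world-writable /tmp
VICTIM="$SANDBOX/etc"         # constructed stand-in for a root-only directory
TOOL="$SANDBOX/awk"           # constructed stand-in for `which awk`
mkdir "$WORLD_TMP" "$VICTIM" || exit 1
printf 'fake awk binary\n' > "$TOOL" || exit 1

# What an unprivileged user can do ahead of time: guess the PID and plant a
# symlink at the name the build script will use. $1 plays the guessed PID.
plant_symlink() {
    ln -s "$VICTIM" "$WORLD_TMP/install.$1"
}

# The pattern from the build script: mkdir -p on a PID-named path, then copy
# tools into it. mkdir -p only asks "does a directory exist here?", stat()
# follows the symlink, so the planted link is accepted and cp writes into
# $VICTIM. (The later rm -rf would remove only the symlink, not the target.)
unsafe_install() {
    dir="$WORLD_TMP/install.$1"
    mkdir -p "$dir" && cp "$TOOL" "$dir/awk"
}

# Cheapest fix: drop -p. mkdir(2) is atomic and fails with EEXIST when
# anything, symlink included, already sits at that name, so there is no
# check-then-create window to race.
strict_install() {
    dir="$WORLD_TMP/install.$1"
    mkdir "$dir" && cp "$TOOL" "$dir/awk"
}

# Proper fix: let mktemp(1) choose an unpredictable name and create the
# directory (mode 0700) in one step. Prints the directory it created.
mktemp_install() {
    dir=$(mktemp -d "$WORLD_TMP/install.XXXXXXXX") || return 1
    cp "$TOOL" "$dir/awk" && printf '%s\n' "$dir"
}

# Did a copy escape into the victim directory? Exit status 0 means yes.
landed_in_victim() {
    [ -f "$VICTIM/awk" ]
}
```

Run it with sh and then call the functions in the order plant_symlink, unsafe_install, landed_in_victim to watch the copy escape; the sandbox is left under $TMPDIR for inspection. The "$$ plus seconds through md5" idea from the mail does not change the picture: both the PID and the current second are observable by the attacker, so the name is still guessable, which is why an unpredictable name chosen by the kernel-backed O_EXCL loop inside mktemp is the standard answer.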