From owner-freebsd-audit  Sun Nov 19 22:12:42 2000
Delivered-To: freebsd-audit@freebsd.org
Received: from gratis.grondar.za (grouter.grondar.za [196.7.18.65])
	by hub.freebsd.org (Postfix) with ESMTP
	id 6F42437B479; Sun, 19 Nov 2000 22:12:06 -0800 (PST)
Received: from grondar.za (grapevine.grondar.za [196.7.18.17])
	by gratis.grondar.za (8.11.1/8.11.1) with ESMTP id eAK6BdJ17996;
	Mon, 20 Nov 2000 08:11:39 +0200 (SAST)
	(envelope-from mark@grondar.za)
Message-Id: <200011200611.eAK6BdJ17996@gratis.grondar.za>
To: Kris Kennaway <kris@FreeBSD.ORG>
Cc: audit@FreeBSD.ORG
Subject: Re: m4 tempfile fix 
References: <20001119165711.A3579@citusc17.usc.edu> 
In-Reply-To: <20001119165711.A3579@citusc17.usc.edu> ; from Kris Kennaway <kris@FreeBSD.ORG>  "Sun, 19 Nov 2000 16:57:11 PST."
Date: Mon, 20 Nov 2000 08:11:35 +0200
From: Mark Murray <mark@grondar.za>
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> m4 was abusing mktemp() to make a unique prefix but then tacking on
> predictable prefixes to make multiple files. I fixed it to create a
> secure directory where it can play with its insecure filenames to its
> heart content. Reviews, anyone?

Don't like it, particularly if the directory is reasonably long-lived.

All an attacker needs to do is spin-wait for your dir, then cd into it.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message