From: Phil Homewood
To: Colin Phipps
Cc: sheldonh@FreeBSD.ORG, freebsd-bugs@FreeBSD.ORG
Date: Mon, 6 Mar 2000 09:57:48 +1000
Subject: Re: gnu/16942: send-pr(1) creates unsafe temp files

Colin Phipps wrote:
> > The patch on PR 17175 looks a little cleaner. How does it look to
> > you?
>
> Simplistic. It doesn't even fix the temp race, since the file pointed
> to by $TEMP is rm'd and reopened e.g. if send-pr is looking up the username
> in /etc/passwd. My patch uses a separate temporary file for each operation.

*blink* I missed that; you're right. Should indeed be a separate
tempfile, or at least just truncated without unlinking. Deleting the
two "rm -f $TEMP" lines looks at first glance like it'll fix the
race, at least.

> Also, 17175 is more likely to leave temp files lying around if it is
> interrupted. My patch attempts to minimise this possibility by only
> creating those temporary files around the same place the trap is set
> up to remove them on exit.

I tried to change as little functionality as possible. My first
attempt at a fix actually used 'mktemp -d' and cleaned up everything
after itself, but send-pr does deliberately leave temp files lying
around under some circumstances (eg, if the PR was "bad") so I
decided to keep the functionality the same. All I was interested in
was fixing the vulnerability. Having said that, I don't *like* the
way it leaves cruft everywhere...

Looking over the patch in 16942, I like it better too. Suggest
going with that one and throwing mine out the window. :)
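
The temp-file handling discussed in this message (a separate mktemp file per operation, truncating instead of unlinking when a file is reused, and a cleanup trap set where the file is created), as an added shell example that is not part of the original e-mail, of send-pr, or of either patch. The function names new_scratch, empty_scratch and run_step and the pr.XXXXXXXX template are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not send-pr's own code; all function names are hypothetical.

# Racy pattern described in the thread: one name is removed and then
# reopened by a later redirect. Between the rm and the redirect another
# local user can place a symlink at that name.
#   rm -f $TEMP ; some_command > $TEMP

# new_scratch: create a fresh file atomically (exclusive create, mode 0600)
# under an unpredictable name and print its path.
new_scratch() {
    mktemp "${TMPDIR:-/tmp}/pr.XXXXXXXX"
}

# empty_scratch FILE: reuse a scratch file by truncating it in place.
# The name is never unlinked, so there is no gap in which it can be replaced.
empty_scratch() {
    : > "$1"
}

# run_step CMD...: one operation, one temp file. The function body is a
# subshell, and the traps are installed right where the file is created,
# so normal exit, failure or an interrupt all remove the file.
# Prints the first line of CMD's output.
run_step() (
    tmp=$(new_scratch) || exit 1
    trap 'rm -f "$tmp"' EXIT
    trap 'exit 1' HUP INT TERM
    "$@" > "$tmp" || exit 1
    head -n 1 "$tmp"
)
```
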