Date: Sun, 16 Jan 2000 18:11:43 -0800 (PST)
From: Kris Kennaway <kris@hub.freebsd.org>
To: audit@freebsd.org
Subject: libc patch to warn about tempfiles
Message-ID: <Pine.BSF.4.21.0001161808160.32821-100000@hub.freebsd.org>
Here's a patch to libc which complains when an application tries to use mktemp()/mkstemp()/... with fewer than 10 X's (using 6 is common, but unfortunately insecure since the PID is either known or easily guessable, leaving only 52 different results). This may be useful for tracking down insecure ports, as well as things in the base tree which have yet to be fixed. Kris Index: mktemp.c =================================================================== RCS file: /home/ncvs/src/lib/libc/stdio/mktemp.c,v retrieving revision 1.18 diff -u -r1.18 mktemp.c --- mktemp.c 2000/01/12 09:23:41 1.18 +++ mktemp.c 2000/01/17 02:08:00 @@ -42,6 +42,7 @@ #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> +#include <err.h> #include <errno.h> #include <stdio.h> #include <stdlib.h> @@ -105,6 +106,7 @@ register char *start, *trv, *suffp; struct stat sbuf; int pid, rval; + int count = 0; if (doopen && domkdir) { errno = EINVAL; @@ -124,6 +126,7 @@ while (*trv == 'X' && pid != 0) { *trv-- = (pid % 10) + '0'; pid /= 10; + count++; } while (*trv == 'X') { char c; @@ -133,8 +136,11 @@ c = pid + 'A'; else c = (pid - 26) + 'a'; + count++; *trv-- = c; } + if (count<10) + warnx("WARNING: Temporary file created using %d X's", count); start = trv + 1; /* ---- "How many roads must a man walk down, before you call him a man?" "Eight!" "That was a rhetorical question!" "Oh..then, seven!" -- Homer Simpson To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
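Review bot: in the `@@ -105,6 +106,7 @@` hunk, `int count = 0;` is added among the existing declarations without saying what it counts, and it is later compared against the bare literal 10; a one-line comment (X's consumed from the template) and a named constant for the threshold would make the intent of this function clear to the next reader.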
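Review bot: in the `@@ -124,6 +126,7 @@` hunk, the new `count++` is guarded by the loop condition `*trv == 'X' && pid != 0`, so it counts X's overwritten with PID digits rather than PID digits themselves; that is what the later check needs, but the total only comes out right because the following `while (*trv == 'X')` loop increments the same variable, so a comment tying the two increments together would keep someone from later changing one without the other.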
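Review bot: in the `@@ -133,8 +136,11 @@` hunk, the message "Temporary file created using %d X's" is inaccurate on two counts: it is emitted before `start = trv + 1` and before any creation attempt, so it fires even when nothing gets created, and this fill code also serves the mkdtemp()/mktemp() variants named in the opening paragraph, which create a directory or no object at all. Wording it in terms of the template, e.g. `warnx("template has only %d X's", count);`, fixes both, and style(9) wants `if (count < 10)` with spaces around the operator. Since this is intended as an auditing aid, also consider whether an unconditional stderr write from inside libc is acceptable for every daemon and setuid program on the system, or whether it belongs behind a compile-time option.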
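To make the "52 different results" figure in the message concrete, the following is an added illustration, not code from the patch or from FreeBSD's libc. It models only the initial fill that the hunks show (trailing X's replaced from the right with the decimal digits of the PID, the remaining X's each drawn from 26 + 26 letters) and ignores the later retry-on-collision stepping; `trailing_xs`, `pid_digits`, `guessable_names` and `template_is_weak` are names chosen here, and the templates and PID in `main` are constructed samples.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Length of the run of 'X' characters at the end of the template. */
size_t trailing_xs(const char *tmpl)
{
	size_t len = strlen(tmpl), n = 0;

	while (n < len && tmpl[len - 1 - n] == 'X')
		n++;
	return n;
}

/* X's the PID loop in the patch consumes: one per decimal digit, none for pid 0. */
size_t pid_digits(int pid)
{
	size_t d = 0;

	while (pid != 0) {
		pid /= 10;
		d++;
	}
	return d;
}

/*
 * Number of names someone who knows the PID must consider: 52 raised to the
 * number of X's left after the PID digits.  If the PID has more digits than
 * there are X's, the name is fully determined (1).  Returns 0 for a template
 * with no X's, which the libc code rejects anyway.
 */
uint64_t guessable_names(const char *tmpl, int pid)
{
	size_t xs = trailing_xs(tmpl), d = pid_digits(pid);
	uint64_t n = 1;

	if (xs == 0)
		return 0;
	for (size_t left = (xs > d) ? xs - d : 0; left > 0; left--)
		n *= 52;
	return n;
}

/* The same threshold the patch warns on, usable to lint templates found in source. */
int template_is_weak(const char *tmpl)
{
	return trailing_xs(tmpl) < 10;
}

int main(void)
{
	/* Constructed samples: the common 6-X template and the 10-X one the patch wants. */
	const char *samples[] = { "/tmp/fooXXXXXX", "/tmp/fooXXXXXXXXXX" };
	int pid = 12345;	/* constructed example PID, assumed known to the attacker */

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%-22s X's=%zu names=%llu %s\n", samples[i],
		    trailing_xs(samples[i]),
		    (unsigned long long)guessable_names(samples[i], pid),
		    template_is_weak(samples[i]) ? "(weak)" : "");
	return 0;
}
```

With a five-digit PID the six-X template leaves a single random letter, hence 52 candidate names, while ten X's leave five letters (52^5, about 3.8e8); `template_is_weak` is the static-analysis counterpart of the runtime check the patch adds.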