Re: Issues with /tmp/mc-$USER directory

From: Pavel Roskin <proski gnu org>
To: Nerijus Baliunas <nerijus users sourceforge net>
Cc: "mc-devel gnome org" <mc-devel gnome org>
Subject: Re: Issues with /tmp/mc-$USER directory
Date: Wed, 25 Dec 2002 20:52:50 -0500 (EST)

On Thu, 26 Dec 2002, Nerijus Baliunas wrote:

> On Thu, 26 Dec 2002 01:44:53 +0100 (CET) Koblinger Egmont <egmont uhulinux hu> wrote:
>
> > Using fix file names under /tmp is impossible without risking security.
> > You can use fix file names under your home, or a unique non-existant
> > filename under /tmp.
>
> But why then I have .ICE-unix, .X11-unix, .wine-nerijus, kde-nerijus,
> orbit-nerijus directories and .X0-lock, =xmms_nerijus.0, etc files in /tmp?
> Does it mean all these projects do something wrong?

Of course not.  Sticky bit on directories prevents other users from
replacing your files.  Opening files with O_EXCL prevents symlink attacks.
Using fixed filenames with sufficient precautions on modern OSes with
proper permissions on /tmp can be made safe, in my opinion (but I'm not a
security expert).

The problem with mc is that it doesn't take sufficient precautions.  I
assumed that chmod() in mc_tmpdir() would fail if the directory belongs to
someone else.  The test shows that it's not the case.  I don't think it's
easy to exploit, since the filenames are random, but it's better to be on
the safe side.

-- 
Regards,
Pavel Roskin

References:
- Re: Issues with /tmp/mc-$USER directory
  - From: Koblinger Egmont
- Re: Issues with /tmp/mc-$USER directory
  - From: Nerijus Baliunas

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]