Re: Issues with /tmp/mc-$USER directory



Hi!

> 1) Check that /tmp/mc-$USER is ours.  I think if I do stat() and it says
> that I'm the owner, no adversary will be able to replace the directory.

lstat() instead of stat() will be okay. stat() can be bad if someone else
owns a symlink which points to a file of yours, and in the next moment he
removes/alters that symlink.  Again, portability issues... I'm afraid
lstat() is not available everywhere :(

> If /tmp/mc-$USER is ours, set proper permissions (700) on it if necessary
> and use it.  Note that the files inside that directory still have random
> names.
>
> 2) If that fails, warn the user and create a directory under /tmp with a
> random name e.g. /tmp/mc-$USER-$RANDOM.  If that works, schedule the
> directory for removal using g_atexit (portable atexit from glib) and use
> the directory.
>
> 3) If that fails, warn the user, set temporary directory to NULL and
> continue, but deny any requests to create temporary files.

This is okay, provided that you try many random filenames in step 2, not
just one or two. In this case step 3 will only be reached under very rare
circumstances (really hard spoofing by someone else or some setup problem
with /tmp).



bye,
Egmont
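The three-step procedure quoted above, with the lstat() check the reply recommends, as an added C illustration that is not mc's code and not from either poster; the function names, the attempt count and the use of rand() as the random source are assumptions of this example:

```c
/* Added illustration, not mc's own code: the quoted three-step tmp dir
   procedure, using lstat() as the reply recommends. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>
/* Step 1: trust `path` only if lstat() shows a real directory (a planted
   symlink is rejected, not followed) owned by our uid; fix mode to 0700. */
int tmpdir_is_ours(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISDIR(st.st_mode) || st.st_uid != getuid())
        return 0;
    return (st.st_mode & 07777) == 0700 || chmod(path, 0700) == 0;
}

/* Step 2: mkdir() "<prefix>-<random>"; mkdir is atomic and fails with EEXIST
   if someone already owns the name, so just try again. Any other error means
   /tmp itself is broken. rand() stands in for a real random source. */
int tmpdir_make_random(const char *prefix, char *out, size_t outlen, int attempts)
{
    static int seeded;
    if (!seeded) { srand((unsigned)(time(NULL) ^ getpid())); seeded = 1; }
    for (int i = 0; i < attempts; i++) {
        snprintf(out, outlen, "%s-%08lx", prefix, (unsigned long)rand());
        if (mkdir(out, 0700) == 0)
            return 1;
        if (errno != EEXIST)
            return 0;
    }
    return 0;
}
/* Steps 1-3: malloc'd path of a usable directory, or NULL meaning "refuse to
   create temporary files". A random dir should be removed via atexit(). */
char *pick_tmpdir(const char *user_dir)
{
    char buf[4096];
    (void)mkdir(user_dir, 0700);             /* harmless if it already exists */
    if (tmpdir_is_ours(user_dir))
        return strdup(user_dir);
    fprintf(stderr, "warning: %s is not safe, using a random name\n", user_dir);
    if (tmpdir_make_random(user_dir, buf, sizeof buf, 100))
        return strdup(buf);
    return NULL;
}
```

With 100 attempts a collision on every name is practically impossible, so NULL (step 3) only comes back when /tmp itself is unusable.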
