Re: [Full-disclosure] Symlink vulnerabilities
- From: bugs@xxxxxxxxxxx
- Date: Sat, 22 Oct 2011 07:54:47 -0400 (EDT)
I apologize as my search wasn't a complex method, just a quick grep for
signs of /tmp misuse. Indeed creating a directory under /tmp is a safeway
to handle tmp files.
bugs@xxxxxxxxxxx wrote:
bashbug:
/usr/bin/bashbug:TEMPDIR=$TMPDIR/bbug.$$
Maybe I should use bashbug to report a bug in bashbug?
I took a quick look, it's actually using mkdir to create a temporary
directory in /tmp, which it uses for collecting support files.
This is actually a safe way to use /tmp, assuming you check the return
code
of mkdir (which it does). The mkdir() system call behaves very differently
to open(), and is not vulnerable to these attacks.
Tavis.
--
-------------------------------------
taviso@xxxxxxxxxxxxx | pgp encrypted mail preferred
-------------------------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Follow-Ups:
- Re: [Full-disclosure] Symlink vulnerabilities
- From: Leon Kaiser
- Re: [Full-disclosure] Symlink vulnerabilities
- References:
- [Full-disclosure] Symlink vulnerabilities
- From: bugs
- Re: [Full-disclosure] Symlink vulnerabilities
- From: Tavis Ormandy
- [Full-disclosure] Symlink vulnerabilities
- Prev by Date: Re: [Full-disclosure] Google Chrome pkcs11.txt File Planting
- Next by Date: Re: [Full-disclosure] Symlink vulnerabilities
- Previous by thread: Re: [Full-disclosure] Symlink vulnerabilities
- Next by thread: Re: [Full-disclosure] Symlink vulnerabilities
- Index(es):
Relevant Pages
|
