Re: [Full-disclosure] Symlink vulnerabilities




I apologize as my search wasn't a complex method, just a quick grep for
signs of /tmp misuse. Indeed creating a directory under /tmp is a safeway
to handle tmp files.

bugs@xxxxxxxxxxx wrote:

bashbug:

/usr/bin/bashbug:TEMPDIR=$TMPDIR/bbug.$$

Maybe I should use bashbug to report a bug in bashbug?


I took a quick look, it's actually using mkdir to create a temporary
directory in /tmp, which it uses for collecting support files.

This is actually a safe way to use /tmp, assuming you check the return
code
of mkdir (which it does). The mkdir() system call behaves very differently
to open(), and is not vulnerable to these attacks.

Tavis.

--
-------------------------------------
taviso@xxxxxxxxxxxxx | pgp encrypted mail preferred
-------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Relevant Pages

  • Re: [Full-disclosure] Symlink vulnerabilities
    ... it's actually using mkdir to create a temporary ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
    (Full-Disclosure)
  • Re: [Full-disclosure] Symlink vulnerabilities
    ... it's actually using mkdir to create a temporary ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
    (Full-Disclosure)
  • Re: [Full-disclosure] Symlink vulnerabilities
    ... Maybe I should use bashbug to report a bug in bashbug? ... it's actually using mkdir to create a temporary ...
    (Full-Disclosure)