Re: removal of /tmp/appXXXXXX
From: Brandon Erhart (berhart@ErhartGroup.COM)Date: 07/30/02
- Previous message: elguapo: "Re: Possible cable modem denial of service ?"
- In reply to: Matthew Hannigan: "Re: removal of /tmp/appXXXXXX"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 29 Jul 2002 20:28:31 -0500 To: Matthew Hannigan <mlh@zip.com.au>, vuln-dev@securityfocus.com From: Brandon Erhart <berhart@ErhartGroup.COM>
That's odd.. really odd. You may want to fix(?) (read: upgrade) your
library that contains that.. but no, i don't believe it's a problem, unless
it's trying to write to it beforehand (soft link to a sensative file by a
malicious user could be bad).. or unless some other program is using that
temporary file and your program removes it. Try upgrading the library.. or
reinstall the library, something.
-Brandon
At 06:11 PM 7/29/2002, Matthew Hannigan wrote:
>I should have been a little clearer.
>Those are literal X's. It attempts to
>remove the _exact same file_ every time.
>
>That's what I meant by tmpnam gone wrong.
>
>Matt
>
>
>Brandon Erhart wrote:
>>if those 'X's are "psuedo-random" characters, and they change each time,
>>i'm pretty sure you're safe. Unless the file is important or gets
>>overwritten while linked to an important file, nothing bad should happen
>>(I think??).
>>-Brandon
>>At 09:35 AM 7/29/2002, Matthew Hannigan wrote:
>>
>>>I found a program which removes
>>>a file named like /tmp/appXXXXXX. Seems
>>>to be a tmpnam attempt gone wrong.
>>>
>>>Does this make the system vulnerable?
>>>The program is run by root as often as
>>>not.
>>>
>>>Matt
>>.
>
>
- Previous message: elguapo: "Re: Possible cable modem denial of service ?"
- In reply to: Matthew Hannigan: "Re: removal of /tmp/appXXXXXX"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
