Re: Problem with default slackware crontabs, /tmp symlinks

[marcs () znep com (Marc Slemko)]

On Tue, 24 Dec 1996, Jon Snyder wrote:

> Regarding the big debate over mkstemp(), etc. I think that if you want to
> use a temporary file in your shell script, that's fine.  Just do a check
> for the file you're about to write to, and if it exists, delete it (I
> don't know about every *NIX, but under linux (or any other system with
> GNU fileutils installed), an 'rm' will delete a link, rather than the file
> the link points to.  Thus, you're spared the symlink security problems.
> Most problems like this are caused by taking action without looking at the
> consequences, i.e. writing to a file without looking to see if it already
> exists and is pointing somewhere else.  Is there something this solution
> overlooks?

race condition.  Since the process of you deleting the file and then
creating it is not atomic, something can be done in between by someone
else.  All an attacker needs to do is create the file, wait for it to be
deleted by your script, then create the link before your script uses the
file.

If you are creating files in a directory that others can write to, you
need some procedure to create a file which:
        - is atomic, so there are no race conditions
        - does not follow links
        - will give an error if the file exists

The suggested procedure of making a directory under /tmp and creating a
file in that directory works because mkdir meets all the above conditions,
and once you have the new directory no others can write to it so you don't
have a problem.  This assumes, of course, that the sticky bit is set on
/tmp.  If not, you have problems in more ways than one.