Bugtraq mailing list archives
Re: Publically writable directories
From: brian () saturn net (Brian Mitchell)
Date: Mon, 17 Jun 1996 22:22:44 -0400
On Sun, 16 Jun 1996, Neil Soveran-Charley wrote:
>> Is there a safe way of opening a temporary file in a publically writable
>> directory as a normal user, given a system with symbolic links? I'm even
>> willing to assume a sticky bit on the directory. Main problem: How do I
>> disallow a malicious
>>
>> $ ln -s /tmp/some.file $MYHOME/.somedotfile
>>
>> at the wrong times, without getting into race conditions?

> If the only user needing to access said file is the user creating it, then
> one solution is to make a dir for yourself in /tmp and put your files in
> there. Of course you need to make SURE that the directory gets created
> securely so that the above problems don't affect it. I'm sure in most
> situations this could be done easily enough though...

In that case, would you not be better off making the tmp dir in $HOME instead of /tmp? Assuming home dir permissions aren't totally insane, that should solve most of your problems.

Brian Mitchell    brian () saturn net
Unix Security / Perl / WWW / CGI
http://www.saturn.net/~brian
"I never give them hell. I just tell the truth and they think it's hell" - H. Truman
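The private-directory approach discussed in this message, as an added C example that is not part of the original thread. It assumes POSIX `mkdir`, `lstat` and `open`; the function names and the paths in `main` are hypothetical, and the same calls work whether the parent is /tmp or $HOME.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create (or re-validate) a private directory under a shared parent.
 * Returns 0 only if `dir` is a real directory, owned by us, with no
 * group/other permission bits; -1 otherwise. */
int private_dir(const char *dir)
{
    struct stat st;

    /* mkdir() is atomic and does not follow a symlink at the final
     * component: a pre-planted link or file makes it fail with EEXIST. */
    if (mkdir(dir, 0700) != 0 && errno != EEXIST)
        return -1;
    /* lstat(), not stat(): inspect the name itself, not a link target. */
    if (lstat(dir, &st) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode) || st.st_uid != geteuid() || (st.st_mode & 077))
        return -1;
    return 0;
}

/* Create a new file inside the private directory. Returns an fd, or -1
 * if the directory fails validation or the name already exists. */
int create_private_file(const char *dir, const char *name)
{
    char path[4096];
    int n;

    if (private_dir(dir) != 0)
        return -1;
    n = snprintf(path, sizeof path, "%s/%s", dir, name);
    if (n < 0 || n >= (int)sizeof path)
        return -1;
    /* O_CREAT|O_EXCL refuses any existing name, dangling symlinks included. */
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

int main(void)
{
    /* Constructed example path; a real program would choose its own. */
    int fd = create_private_file("/tmp/example-private", "scratch");
    if (fd < 0) { perror("create_private_file"); return 1; }
    close(fd);
    return 0;
}
```

A directory that already exists but is owned by someone else, or is group/other accessible, is rejected rather than repaired, so the caller must pick another name or stop.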