Bugtraq mailing list archives

Re: Insecure use of file in /tmp by trn


From: R.E.Wolff () BITWIZARD NL (Rogier Wolff)
Date: Sat, 28 Aug 1999 09:59:42 +0200


Ben Pfaff wrote:
> Rogier Wolff <R.E.Wolff () BITWIZARD NL> writes:
> > Creating a tempfile from a C program is possible since we have a
> [...]
> SYNOPSIS
>      mktemp [-q] [-u] template
>
> DESCRIPTION
> [...]
>      If mktemp can successfully generate a unique file name, the file is cre-
>      ated with mode 0600 (unless the -u flag is given) and the filename is
>      printed to standard output.

Last I looked at the "mktemp" manpage it didn't create the file, and
was thus vulnerable to races. This is an incompatible change that
others didn't dare make.

The world is becoming a better place ;-)

                Roger.

--
** R.E.Wolff () BitWizard nl ** http://www.BitWizard.nl/ ** +31-15-2137555 **
*-- BitWizard writes Linux device drivers for any device you may have! --*
------ Microsoft SELLS you Windows, Linux GIVES you the whole house ------
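
The difference discussed in this message, as an added example that is not part of the original post or of any mktemp implementation: a script can let mktemp(1) create the file itself, or, when it only has a generated name (as with the `-u` flag), create that name exclusively. The function names `private_tmp` and `claim_exclusive` and the `job.XXXXXX` template are hypothetical, and the example assumes an mktemp that creates the file with mode 0600 as the quoted man page describes.

```shell
#!/bin/sh
# Added example; function names and the "job" template are hypothetical.

# private_tmp DIR
# Let mktemp choose the name AND create the file in one step, then confirm
# the properties the quoted man page promises before the script relies on them.
# Prints the path on success; returns non-zero (and cleans up) otherwise.
private_tmp() {
    f=$(mktemp -q "$1/job.XXXXXX") || return 1
    # Must be a regular file and not a symlink.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        rm -f -- "$f"
        return 1
    fi
    # Must be readable and writable by the owner only (mode 0600).
    perms=$(ls -ld -- "$f" | cut -c1-10)
    if [ "$perms" != "-rw-------" ]; then
        rm -f -- "$f"
        return 1
    fi
    printf '%s\n' "$f"
}

# claim_exclusive PATH
# For a name that was only generated (mktemp -u, or a PID-based name) the
# file does not exist yet, so something else may appear at PATH first.
# With noclobber (set -C) the redirection fails instead of writing through
# an existing file or symlink; the subshell keeps umask and noclobber local.
claim_exclusive() {
    ( umask 077; set -C; : > "$1" ) 2>/dev/null
}
```

A script that gets a non-zero status from either function should stop rather than fall back to a fixed name in /tmp.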


