Bugtraq mailing list archives
Re: Insecure use of file in /tmp by trn
From: R.E.Wolff () BITWIZARD NL (Rogier Wolff)
Date: Sat, 28 Aug 1999 09:59:42 +0200
Ben Pfaff wrote:
Rogier Wolff <R.E.Wolff () BITWIZARD NL> writes:Creating a tempfile from a C program is possible since we have a
[...]
SYNOPSIS mktemp [-q] [-u] template DESCRIPTION
[...]
If mktemp can successfully generate a unique file name, the file is cre- ated with mode 0600 (unless the -u flag is given) and the filename is printed to standard output.
Last I looked at the "mktemp" manpage it didn't create the file, and was thus vulnerable to races. This is an incompatible change that others didn't dare make. The world is becoming a better place ;-) Roger. -- ** R.E.Wolff () BitWizard nl ** http://www.BitWizard.nl/ ** +31-15-2137555 ** *-- BitWizard writes Linux device drivers for any device you may have! --* ------ Microsoft SELLS you Windows, Linux GIVES you the whole house ------
Current thread:
- Re: Insecure use of file in /tmp by trn Rogier Wolff (Aug 22)
- Re: Insecure use of file in /tmp by trn Martin Schulze (Aug 23)
- <Possible follow-ups>
- Re: Insecure use of file in /tmp by trn Richard Kettlewell (Aug 23)
- Re: Insecure use of file in /tmp by trn Ben Pfaff (Aug 24)
- Re: Insecure use of file in /tmp by trn Theo de Raadt (Aug 27)
- Re: Insecure use of file in /tmp by trn Martin Schulze (Aug 29)
- WU-FTPD Security Update Thomas Biege (Aug 29)
- Re: Insecure use of file in /tmp by trn Luca Berra (Aug 30)
- Re: Insecure use of file in /tmp by trn Shuman (Aug 28)
- Re: Insecure use of file in /tmp by trn Todd C. Miller (Aug 30)
- Re: Insecure use of file in /tmp by trn Rogier Wolff (Aug 28)
- Vixie Cron version 3.0pl1 vulnerable to root exploit Martin Schulze (Aug 28)
- Re: Insecure use of file in /tmp by trn Theo de Raadt (Aug 27)