Bugtraq mailing list archives
Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability)
From: Mark Delany <MarkD () BUSHWIRE NET>
Date: Sat, 16 Dec 2000 15:52:16 +0000
... Programmers who write general purpose shells and editors and sorts shouldn't have to worry about security issues.Why not? These programs tend to be used by vast numbers of people and security holes in them are very significant.
Agreed that good programmers should get this right, and perhaps for programs that are used by "vast numbers" of people there is no excuse for getting this wrong. But as this list has shown, even popular programs get this wrong so it's a safe assumption that many lesser known (or private) programs make the same mistake.
As you say, /tmp is pretty entrenched in a lot of code and it does have some convenience and resource management benefits. A restricted file system is probably the only realistic solution as that protects all those future programmers who make the same mistake (and all us lazy shell hackers).I am a lazy programmer. I don't bother to check that what I am doing is reliable or safe. Don't trust my code - it could wreck your system.
And that's the point. Even if you're the only person using your code - if you use /tmp on a shared system, someone else can probably promote themselves. In other words this problem is by no means constrained to programs specifically written for general use. The model on Unix is that programmers have to take additional and unusual steps to give away rights. /tmp breaks that model. The two choices seem to be to make sure that every programmer on the planet who ever uses /tmp on a shared system knows of this flaw and works around it - or change /tmp to fit the model. Regards.
Current thread:
- Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability) Andrew Church (Dec 15)
- Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability) Mark Delany (Dec 16)
- Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability) 0d0 (Dec 18)
- Re: Is /tmp still appropriate? Hanspeter Schmid (Dec 20)
- Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability) Michael Damm (Dec 18)
- Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability) stanislav shalunov (Dec 18)
- Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability) Ryan Russell (Dec 18)
- Message not available
- Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability) Mark Delany (Dec 18)
- Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability) 0d0 (Dec 18)
- Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability) Christian (Dec 18)
- Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability) DeRobertis (Dec 18)
- Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability) Mike A. Harris (Dec 19)
- Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability) Kurt Seifried (Dec 19)
- Re: Is /tmp still appropriate? Peter W (Dec 19)
- Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability) Mark Delany (Dec 16)