Bugtraq mailing list archives

Re: Tempfile vulnerabilities
From: dugsong () MONKEY ORG (Dug Song)
Date: Mon, 31 Jan 2000 15:44:36 -0500

On Sun, 30 Jan 2000, foo wrote:

> This weekend I decided to play around with a couple of network
> management tools on securityfocus.com ... upon review of the source, I
> noticed a bad trend. Both tools handle temporary files insecurely.

the l0pht's tempwatch tool is useful in rooting out such problems.


(or /usr/ports/security/tempwatch on OpenBSD)...

> - Check for the existence of your temporary file before you do anything
> with it:
>
> if [ -e $tmpfile ]; then
>         echo -e "ERROR! : temporary file exists, erasing!\r\n"; rm -rf

you still have an exploitable race here.

a better way around this (esp. for programs with many tmp files) is to use
a temporary directory instead, as in OpenBSD's /etc/security script:

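# new files and directories are readable by the owner only
umask 077

# $DIR must already be set at this point (its assignment is not shown here).
# mkdir fails if anything already exists at $DIR, so create-and-check is one step
if ! mkdir $DIR ; then
        printf "tmp directory %s already exists, looks like:\n" $DIR
        ls -alF $DIR
        exit 1
fi

# remove the directory on exit and on HUP, INT, QUIT, PIPE and TERM
trap 'rm -rf $DIR; exit 1' 0 1 2 3 13 15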

or if you're using OpenBSD, use the mktemp(1) program in your scripts:
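
Added example, not part of Dug Song's message or of OpenBSD's script: a sketch of why the quoted existence check is insufficient and how an atomic mkdir or mktemp(1) closes the gap. The function names (looks_free, claim_dir, make_tmpdir) and the "example" prefix are hypothetical, and the symlink scenario is constructed inside the script's own private directory.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# looks_free PATH: the existence check quoted in the thread.
# It returns 0 (free) for a dangling symlink, so a later "> PATH" would
# follow the link; it is also separated in time from the later create.
looks_free() { [ ! -e "$1" ]; }

# claim_dir PATH: atomic create-or-fail. mkdir(2) returns EEXIST for anything
# already at PATH, including a symlink, and never follows it.
claim_dir() { ( umask 077 && mkdir "$1" ) 2>/dev/null; }

# make_tmpdir PREFIX: print a new private directory with an unpredictable
# name via mktemp(1); fall back to claim_dir with a PID-based name.
make_tmpdir() {
    base=${TMPDIR:-/tmp}
    if command -v mktemp >/dev/null 2>&1; then
        ( umask 077 && mktemp -d "$base/$1.XXXXXXXXXX" )
    else
        claim_dir "$base/$1.$$" && printf '%s\n' "$base/$1.$$"
    fi
}

# Typical use: create, register cleanup, then work only inside $DIR.
DIR=$(make_tmpdir example) || { echo "cannot create temp dir" >&2; exit 1; }
trap 'rm -rf "$DIR"' 0
trap 'exit 1' 1 2 3 13 15

# Constructed scenario: a dangling symlink already sits at a predictable name.
ln -s "$DIR/elsewhere" "$DIR/predictable"
looks_free "$DIR/predictable" && echo "existence check: path looks free"
claim_dir "$DIR/predictable" || echo "mkdir: refused, something is already there"
```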



