Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Tempfile vulnerabilities
From: gtaylor+bugtraq_hcdbb013100 () PICANTE COM (Grant Taylor)
Date: Mon, 31 Jan 2000 23:55:18 -0500

foo <foo () BLACKLISTED INTRANOVA NET> writes:

In Autobuse's main perl script, line 96:

        if(!$test_run) {
                open OUT, ">/tmp/autobuse_report.$$"
                        or die "can't open /tmp/autobuse_report.$$";
                select OUT;

This is fixed, partly, in autobuse version snap949125599, and more so
in today's snap949380617, which uses this mktemp function:

   sub get_tmpfile {
       my $file;
       do {
           open RAN, "/dev/random" || die;
           close RAN;
           $file = '/tmp/autobuse' . unpack('H16',$foo);
       } while (-e $file || -l $file);

       return $file;

This method is Linux-specific, but that's all I need.  The fixed
autobuse is available at http://www.picante.com/~gtaylor/autobuse/

Note that Autobuse has, as far as I know, zero users (including me).
If I am wrong about this, please let me know!

Grant Taylor - gtaylor at picante.com - http://www.picante.com/~gtaylor/
    Linux Printing HOWTO:  http://www.picante.com/~gtaylor/pht/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]