Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Tempfile vulnerabilities
From: nbm () MITHRANDR MORIA ORG (Neil Blakey-Milner)
Date: Wed, 2 Feb 2000 12:50:14 +0200


On Mon 2000-01-31 (23:55), Grant Taylor wrote:

   sub get_tmpfile {
       my $file;
       do {
         open RAN, "/dev/random" || die;
         read(RAN,$foo,16);
         close RAN;
         $file = '/tmp/autobuse' . unpack('H16',$foo);
       } while (-e $file || -l $file);

       return $file;
   }

This method is Linux-specific, but that's all I need.  The fixed
autobuse is available at http://www.picante.com/~gtaylor/autobuse/

Note that Autobuse has, as far as I know, zero users (including me).
If I am wrong about this, please let me know!

I was about to suggest using mkstemp() from File::MkTemp, available
on CPAN, until I noticed that this mkstemp doesn't seem to use
O_CREAT and O_EXCL from Fcntl nor does it chmod 600 or similar.

It uses:

   $template = mktemp(@_);

   $openup = File::Spec->catfile($_[1], $template);

   $fh = new FileHandle ">$openup";  #and say ahhh.

   croak("Could not open file: $openup")
      unless(defined $fh);

   return($fh);

Which seems to be just as bad as using mktemp, and then opening a
file, with the usual race conditions.  Considering the general
feeling about the "mkstemp" concept, this implementation isn't
quite there.

Neil

--
Neil Blakey-Milner
nbm () rucus ru ac za



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]