Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: usb_modeswitch/pppd -detach
From: Jeffrey Walton <noloader () gmail com>
Date: Mon, 23 Jan 2012 11:15:43 -0500

On Mon, Jan 23, 2012 at 11:02 AM,  <Valdis.Kletnieks () vt edu> wrote:
On Sun, 22 Jan 2012 02:38:57 GMT, "Larry W. Cashdollar" said:

This is still a race condition since the pid can be guessed easily as well.  It's better to use mktemp 
/tmp/debug.XXXXXXXXXX.

No, that's *still* beatable, because if you know what the PID will be you can
guess what the XXXX will be filled in with (it's basically just salted with the
contents of the target directory, so anybody who can do a readdir() and can
guess the pid can predict the value).  What you *want* to do is read the mktemp
documentation and find this example on how to put the file into a securely
created subdirectory rather than directly in /tmp:

  * Create a secure fifo relative to the user's choice of `TMPDIR',
    but falling back to the current directory rather than `/tmp'.
    Note that `mktemp' does not create fifos, but can create a secure
    directory in which the fifo can live.  Exit the shell if the
    directory or fifo could not be created.
         $ dir=$(mktemp -p "${TMPDIR:-.}" -d dir-XXXX) || exit 1
         $ fifo=$dir/fifo
         $ mkfifo "$fifo" || { rmdir "$dir"; exit 1; }
mkstemp or mkdtemp within $HOME? Taken directly from "Secure
Programming for Linux and Unix HOWTO"
(http://www.dwheeler.com/secure-programs/).

Jeff

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault