/tmp race in mc-4.5.0

[pavel () BUG UCW CZ (Pavel Machek)]

Hi!

> mc 4.5.0 creates a temporary file in /tmp when it's started.
> It's called talk.fish and has the mode 644. If a user would link the
> file to /etc/passwd or anything else, when the root would start mc, the
> file would be erased.

It was me who added talk.fish file (and it kind of escaped me, sorry),
it is debugging hack and it is currently disabled in my tree (and
CVS). Workaround is:

create /tmp/talk.fish yourself, so that noone can put symlink there

solution is: do not run beta software as root, 4.0.X is stable, 4.5.0
is not.

                                                                Pavel

PS: There are more /tmp/ holes in midnight commander, beware. Extfs
scripts contain some. I'm going to mark them FIXME: TMP RACE in
development tree. What is worse, they are probably going to
stay there until someone invents safe & portable way of how to work
with temporary files from shell.

(Actually, is this safe? It might be safe & portable, unfortunately,
it is also slow & ugly)

    TMPDIR=/tmp/mctmpdir.$$
    mkdir $TMPDIR || exit 0
    cd $TMPDIR
    do_something > $TMPDIR/file
    rm $TMPDIR/file
    rmdir $TMPDIR

?

PPS: It might be nice to contact authors of affected program few days
before you post to bugtraq...

--
I'm really pavel () atrey karlin mff cuni cz.         Pavel
Look at http://atrey.karlin.mff.cuni.cz/~pavel/ ;-).