MajorSophos

[Mark Nienberg]

On 8 Sep 2004 at 2:39, John Rudd wrote:

> On Sep 8, 2004, at 1:59 AM, Spicer, Kevin wrote:
>
> >> MajorSophos uses mktemp for the TMPDIR initialization, but mktemp
> >> isn't
> >> very portable (at least not to Solaris 8).  Here's what I did:
> >> around line 99-101, I changed:
> >>         TMPDIR=`mktemp -d -q /tmp/$BASE.XXXXXX`
> >> to:
> >>          TMPDIR="/tmp/$BASE.$$"
> >>          mkdir -m 700 $TMPDIR
> >> ($$ is "unique enough", considering the directory is short-lived, and
> >> process numbers are unique)
> >
> > Process numbers may be unique but they are predictable, therefore
> > should
> > not be used for creating temporary files and directories.
> >
>
> Can you please explain the logic there?

In theory, if someone with write access to the /tmp directory can predict that root will
run a program in /tmp or even write to a file in /tmp, then he or she could substitute a
malicious program or a symlink to a real system utility or whatnot.  It sounds hard,
but I guess it happens.

mktmp solves the problem, so I used it in MajorSophos.  I didn't know that it isn't very
portable. I'll add a check for the existense of mktemp and fall back to a different
method if it isn't there.  Look for a revised version in a few days.
--
Mark W. Nienberg, SE
Tipping Mar + associates
1906 Shattuck Ave
Berkeley, CA 94704
510 549-1906 ext 236
http://www.tippingmar.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).