The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[linux-security] Vunerable shell scripts


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
X-RDate: Tue, 17 Mar 1998 16:41:47 +0500 (ESK)
Date: Sat, 14 Mar 1998 17:57:33 +0100
From: Michal Zalewski <[email protected]>
To: [email protected]
Subject: [linux-security] Vunerable shell scripts

I made a list of /usr/bin scripts which allows /tmp races. Following
ones creates /tmp/something.$$, then, with no
permission/ownership checking, /tmp/something.$$.x (x may vary
;), or even performs suitable checks, but gives enough time to alter /tmp
contents: glibcbug, bashbug, znew, mailstat, autoupdate, x11perfcomp,
gccmakedep, pnmindex, xcopy, autoheader, cvsbug, rcs2log, updatedb, igawk,
zdiff, zcmp, findaffix, munchlist, report-kaffe-bug, mailshar, MakeTeXPK,
makeindex, texhash, ircbug [...]

This list has been made on RedHat 5.0 Linux distribution. It includes
only /bin/sh scripts and it isn't complete, but maybe it will show the
range of /tmp races problem. Simple

TMPFILE=/tmp/myproggy.$$
trap "rm -f $TMPFILE;exit 1" 1 2 ...
[...]
do_something >$TMPFILE

is not sufficient and may be extremally harmful!!! You should at least use
mktemp to create temporary files, or|and prevent from creating anything
in /tmp directly.

_______________________________________________________________________
Michal Zalewski [tel 9690] | finger 4 PGP [[email protected]]
Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deustch]
=--------------- [ echo "\$0&\$0">_;chmod +x _;./_ ] -----------------=

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe: mail -s unsubscribe [email protected] < /dev/null

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру