Issues with /tmp/mc-$USER directory
Pavel Roskin
proski at gnu.org
Thu Dec 26 01:52:50 UTC 2002
On Thu, 26 Dec 2002, Nerijus Baliunas wrote:
> On Thu, 26 Dec 2002 01:44:53 +0100 (CET) Koblinger Egmont <egmont at uhulinux.hu> wrote:
>
> > Using fix file names under /tmp is impossible without risking security.
> > You can use fix file names under your home, or a unique non-existant
> > filename under /tmp.
>
> But why then I have .ICE-unix, .X11-unix, .wine-nerijus, kde-nerijus,
> orbit-nerijus directories and .X0-lock, =xmms_nerijus.0, etc files in /tmp?
> Does it mean all these projects do something wrong?
Of course not. Sticky bit on directories prevents other users from
replacing your files. Opening files with O_EXCL prevents symlink attacks.
Using fixed filenames with sufficient precautions on modern OSes with
proper permissions on /tmp can be made safe, in my opinion (but I'm not a
security expert).
The problem with mc is that it doesn't take sufficient precautions. I
assumed that chmod() in mc_tmpdir() would fail if the directory belongs to
someone else. The test shows that it's not the case. I don't think it's
easy to exploit, since the filenames are random, but it's better to be on
the safe side.
--
Regards,
Pavel Roskin
More information about the mc-devel
mailing list