Issues with /tmp/mc-$USER directory

Koblinger Egmont egmont at uhulinux.hu
Thu Dec 26 12:31:30 UTC 2002


Hi!

> 1) Check that /tmp/mc-$USER is ours.  I think if I do stat() and it says
> that I'm the owner, no adversary will be able to replace the directory.

lstat() instead of stat() will be okay. stat() can be bad if someone else
owns a symlink which points to a file of yours, and in the next moment he
removes/alters that symlink.  Again, portability issues... I'm afraid
lstat() is not available everywhere :(

> If /tmp/mc-$USER is ours, set proper permissions (700) on it if necessary
> and use it.  Note that the files inside that directory still have random
> names.
>
> 2) If that fails, warn the user and create a directory under /tmp with a
> random name e.g. /tmp/mc-$USER-$RANDOM.  If that works, schedule the
> directory for removal using g_atexit (portable atexit from glib) and use
> the directory.
>
> 3) If that fails, warn the user, set temporary directory to NULL and
> continue, but deny any requests to create temporary files.

This is okay, provided that you try many random filenames in step 2, not
just one or two. In this case step 3 will only be reached under very rare
circumstances (really hard spoofing by someone else or some setup problem
with /tmp).



bye,
Egmont




More information about the mc-devel mailing list