Issues with /tmp/mc-$USER directory
Koblinger Egmont
egmont at uhulinux.hu
Thu Dec 26 12:31:30 UTC 2002
Hi!
> 1) Check that /tmp/mc-$USER is ours. I think if I do stat() and it says
> that I'm the owner, no adversary will be able to replace the directory.
lstat() instead of stat() will be okay. stat() can be bad if someone else
owns a symlink which points to a file of yours, and in the next moment he
removes/alters that symlink. Again, portability issues... I'm afraid
lstat() is not available everywhere :(
> If /tmp/mc-$USER is ours, set proper permissions (700) on it if necessary
> and use it. Note that the files inside that directory still have random
> names.
>
> 2) If that fails, warn the user and create a directory under /tmp with a
> random name e.g. /tmp/mc-$USER-$RANDOM. If that works, schedule the
> directory for removal using g_atexit (portable atexit from glib) and use
> the directory.
>
> 3) If that fails, warn the user, set temporary directory to NULL and
> continue, but deny any requests to create temporary files.
This is okay, provided that you try many random filenames in step 2, not
just one or two. In this case step 3 will only be reached under very rare
circumstances (really hard spoofing by someone else or some setup problem
with /tmp).
bye,
Egmont
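An added example (not code from this thread or from mc itself) of the check Egmont describes: lstat() so that a symlink planted by another user is rejected rather than followed, an ownership and mode test, and a fallback that retries many random names before giving up. The base name, the pid-plus-rand() suffix scheme and the retry count are assumptions of this example.

```c
#include <sys/stat.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>

/* Is `path` an existing directory (not a symlink) owned by the caller?
 * lstat() does not follow symlinks; a mode other than 0700 is tightened. */
int secure_tmpdir_ok(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0)          /* missing or not accessible */
        return 0;
    if (!S_ISDIR(st.st_mode))           /* symlink or plain file: reject */
        return 0;
    if (st.st_uid != getuid())          /* someone else owns it */
        return 0;
    if ((st.st_mode & 0777) != 0700 && chmod(path, 0700) != 0)
        return 0;
    return 1;
}

/* Fallback (step 2): try up to `max_tries` names <base>-<pid>-<n> (assumed
 * scheme), mode 0700. On success the name is left in `out`, returns 1. */
int make_random_tmpdir(const char *base, char *out, size_t outlen, int max_tries)
{
    for (int i = 0; i < max_tries; i++) {
        snprintf(out, outlen, "%s-%ld-%d", base, (long)getpid(), rand());
        if (mkdir(out, 0700) == 0)
            return 1;
        if (errno != EEXIST)            /* EACCES, ENOSPC...: retrying won't help */
            return 0;
    }
    return 0;                           /* every name taken: give up (step 3) */
}

int main(void)
{
    const char *base = "/tmp/mc-example"; /* stands in for /tmp/mc-$USER */
    char dir[256];
    mkdir(base, 0700);                  /* EEXIST is fine; the check decides */
    if (secure_tmpdir_ok(base))
        printf("%s is ours, using it\n", base);
    else if (make_random_tmpdir(base, dir, sizeof dir, 100))
        printf("created fallback directory %s\n", dir);
    else
        puts("no usable temp directory; refusing to create temp files");
}
```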