> > Still not sure about those temp files. People like to see a possible
> > exploit in every temp file.
>
> Well, yes, if you get the pid, you can create symlink files in /tmp and
> overwrite things. How do I handle this properly, probably a directory
> in /tmp that I create but I have to set my umask first -- is that a
> plan?
Forget what I said, you don't need to change the umask, just do:
trap "rm -rf /tmp/$$" 0 1 2 3 15mkdir /tmp/$$ || exit 1
and you call all your temp files /tmp/$$/XXX, right? Once you create
the directory, you own it and no one else can write into there.
I just did a Google search and no one came up with this idea, though I
believe X11 uses /tmp directories for this exact reason, right?
I finally found one mention of it: Seems Suse uses it, but they did
'mkdir -p' which doesn't return an error if it fails so it was a
security problem itself:
http://groups.google.com/groups?q=tmp+security+race+directory+script+mkdir&hl=en&selm=bugtraq/Pine.LNX.4.30.0101170202040.15609-100000%40dent.suse.de&rnum=1
I just looked in /usr/bin on BSD/OS and found a whole bunch that do the
insecure /tmp/$$ trick I currently do in pg_upgrade:#$ file `grep -l '\$\$' *` | grep shell cvsbug: Bourne shell
scripttextigawk: Bourne shell script textlorder: Bourne shell script textmkdep: Bourne shell script
textpppattach: Korn shell script textrcsfreeze: Bourne shell script textsendbug: Bourne shell script
textuupick: Bourne shell script text
For example, cvsbug does:[ -z "$TMPDIR" ] && TMPDIR=/tmpTEMP=$TMPDIR/p$$BAD=$TMPDIR/pbad$$REF=$TMPDIR/pf$$
Bet everyone has that one on their system. :-)
-- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610)
853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill,
Pennsylvania19026