Thread: pgsql/src/bin/initdb initdb.sh
CVSROOT: /home/projects/pgsql/cvsroot
Module name: pgsql
Changes by: petere@hub.org 01/06/23 19:29:48
Modified files:
src/bin/initdb : initdb.sh
Log message:
Don't use a temp file. It was created insecurely and was easy to do without.
> CVSROOT: /home/projects/pgsql/cvsroot
> Module name: pgsql
> Changes by: petere@hub.org 01/06/23 19:29:48
>
> Modified files:
> src/bin/initdb : initdb.sh
>
> Log message:
> Don't use a temp file. It was created insecurely and was easy to do without.
This brings up a question. If I have pid 333 and someone creates a file
world-writable called /tmp/333, and I go and do:
cat file >/tmp/$$
isn't another user now able to modify those temp file contents. Is that
the insecurity you mentioned Peter, and if so, how do you prevent this?
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
Bruce Momjian writes: > This brings up a question. If I have pid 333 and someone creates a file > world-writable called /tmp/333, and I go and do: > > cat file >/tmp/$$ > > isn't another user now able to modify those temp file contents. Is that > the insecurity you mentioned Peter, and if so, how do you prevent this? That is one possibility. Another exploit is with a symlink from /tmp/333 to a file you want to overwrite. This is more fun with root, but it's still not a good idea here. To securely create a temp file in shell you need to use mktemp(1), or do something like (umask 077 && mkdir $TMPDIR/$$) to create a subdirectory. Needless to say, it's tricky. -- Peter Eisentraut peter_e@gmx.net http://funkturm.homeip.net/~peter