[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Symlink vulnerabilities

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Symlink vulnerabilities
From: Tavis Ormandy <taviso@xxxxxxxxxxxxx>
Date: Sat, 22 Oct 2011 11:44:43 +0200

bugs@xxxxxxxxxxx wrote:
> 
> bashbug:
> 
> /usr/bin/bashbug:TEMPDIR=$TMPDIR/bbug.$$
> 
> Maybe I should use bashbug to report a bug in bashbug?
> 

I took a quick look, it's actually using mkdir to create a temporary
directory in /tmp, which it uses for collecting support files.

This is actually a safe way to use /tmp, assuming you check the return code
of mkdir (which it does). The mkdir() system call behaves very differently
to open(), and is not vulnerable to these attacks.

Tavis.

-- 
-------------------------------------
taviso@xxxxxxxxxxxxx | pgp encrypted mail preferred
-------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Symlink vulnerabilities
  - From: bugs

References:
- [Full-disclosure] Symlink vulnerabilities
  - From: bugs

Prev by Date: Re: [Full-disclosure] Symlink vulnerabilities
Next by Date: Re: [Full-disclosure] Google Chrome pkcs11.txt File Planting
Previous by thread: Re: [Full-disclosure] Symlink vulnerabilities
Next by thread: Re: [Full-disclosure] Symlink vulnerabilities
Index(es):
- Date
- Thread