Comment 3 for bug 164148

Michael Biebl (mbiebl) wrote : Re: [Bug 164148] Re: unsafe tempfile usage

2007/11/20, Kees Cook <email address hidden>:
> As far as I can tell, the filters are spawned directly from tracker, so
> they share the current working directory. When I looked at the tracker
> running in my session, its directory was my home directory. The code
> from one of the filters reads:
>
> st=/tmp/tempfile.$$
> nice -n19 ssindex -i "$1" > st
>
> Using "st" there instead of "$st" means that the file "st" will be
> overwritten in the current directory, which, I think in this case is the
> user's home directory. So, in this case, only msword_filter is actually
> vulnerable to tempfile races (the others just clobber "st").
>
> I don't have a proof-of-concept for this, I was just doing some code
> reading.

Using "st" instead of "$st" is obviously a typo.
Nonetheless, the usage of /tmp/tempfile.$$ is generally discouraged
from a security pov.
http://www.linuxsecurity.com/content/view/115462/151/
recommends using "mktemp" for creating secure temp files.

Cheers,
Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
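
Added example, not part of the original comment and not tracker's own code: the filter pattern quoted above next to a form that uses mktemp as recommended in the reply. The function names `extract_text`, `make_tmp`, `unsafe_filter` and `safe_filter` are hypothetical, and `extract_text` is a stand-in for the filter's real `ssindex -i "$1"` call so the script runs without that tool.

```shell
#!/bin/sh
# Added example (not tracker's code). extract_text is a hypothetical
# stand-in for the filter's real extractor call, `ssindex -i "$1"`.
extract_text() { tr -d '\r' < "$1"; }

# The quoted pattern, kept as-is for comparison: a predictable /tmp name
# derived from the PID, and the typo that writes to ./st instead of "$st".
unsafe_filter() {
    st=/tmp/tempfile.$$
    extract_text "$1" > st
}

# mktemp picks an unpredictable name and creates the file exclusively with
# mode 0600, so an existing file or symlink in the temp directory is never
# reused. The "filter." prefix is an arbitrary choice for this example.
make_tmp() {
    mktemp "${TMPDIR:-/tmp}/filter.XXXXXXXXXX"
}

# Hardened form: prints the extracted text of "$1" on stdout.
safe_filter() {
    sf_tmp=$(make_tmp) || return 1
    sf_rc=0
    # "$sf_tmp" is expanded and quoted, so nothing lands in the cwd.
    if extract_text "$1" > "$sf_tmp"; then
        cat -- "$sf_tmp"
    else
        sf_rc=1
    fi
    rm -f -- "$sf_tmp"    # remove the temp file on success and on failure
    return "$sf_rc"
}
```

Running `unsafe_filter` and `safe_filter` on the same input from a scratch directory shows the difference: only the first leaves a file named `st` behind in the working directory.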