Subject: Re: Scalability metrics?
From: Greg Stark (gsstarkmit.edu)
Date: Sat Feb 12 2000 - 09:31:31 CST

Brad Knowles <blkskynet.be> writes:

> At 6:03 PM +0200 2000/2/11, Liviu Daia wrote:
>
> > Examples of operations that are not robust with the scheme described
> > by Bennett?
>
> The reason mkstemp() exists is to ensure that the temporary files
> are created with relatively secure (and unlikely to be guessed)
> names, which helps prevent people from exploiting race conditions to
> fill up spools, cause your program to over-write binaries that
> shouldn't, etc....
>
> If you create temporary files and you don't use mkstemp() and you
> don't emulate what mkstemp() does, then by definition, you are not
> creating them securely, and are inviting denial-of-service races,
> etc....

This is only relevant if you're creating them with special privileges in a
directory where an attacker would have write permissions. This isn't relevant
for an MTA queue directory for example. And in any case the major protection
mkstemp offers is _not_ the unpredictability of the filename, it's that it
uses O_CREAT|O_EXCL. This doesn't work on NFS anyways,
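
The O_CREAT|O_EXCL behaviour discussed in this thread, as an added example that is not part of any message above: on a local filesystem, a symlink already sitting at a guessable temporary name is followed by a plain O_CREAT open but refused with EEXIST once O_EXCL is added. The function names, the scratch directory under /tmp and the file names `tmp.1234` and `victim` are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak form: O_CREAT alone opens whatever already occupies the name,
 * following a symlink to wherever it points. */
static int create_plain(const char *path) {
    return open(path, O_WRONLY | O_CREAT, 0600);
}

/* mkstemp-style form: creation is atomic and fails with EEXIST if the
 * name exists in any form, including a dangling symlink. */
static int create_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario: a symlink is placed at the guessable temp name
 * before the program creates its file. Returns a bitmask:
 *   1 = plain open wrote through the symlink into "victim"
 *   2 = O_EXCL open was refused with EEXIST
 * or -1 if the scratch setup failed. */
int demo_symlink_race(void) {
    char dir[] = "/tmp/excl-demo-XXXXXX";
    char victim[256], tmpname[256];
    struct stat st;
    int fd, result = 0;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(tmpname, sizeof tmpname, "%s/tmp.1234", dir);
    if (symlink(victim, tmpname) != 0) return -1;

    fd = create_excl(tmpname);              /* hardened path first */
    if (fd < 0 && errno == EEXIST) result |= 2;
    if (fd >= 0) close(fd);

    fd = create_plain(tmpname);             /* weak path: follows the link */
    if (fd >= 0) {
        if (write(fd, "x", 1) == 1 && stat(victim, &st) == 0 && st.st_size == 1)
            result |= 1;
        close(fd);
    }
    unlink(tmpname); unlink(victim); rmdir(dir);
    return result;
}

int main(void) { printf("result = %d\n", demo_symlink_race()); return 0; }
```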