gsstarkmit.edu

• Next message: Matthias Andree: "Re: User trapped by embedded nroff documentation sources"
• Previous message: Keith Stevenson: "Re: Odd smtpd sig 10s"
• Next in thread: Brad Knowles: "Re: Scalability metrics?"
• Maybe reply: Greg Stark: "Re: Scalability metrics?"
• Reply: Brad Knowles: "Re: Scalability metrics?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Brad Knowles <blkskynet.be> writes:

> At 6:03 PM +0200 2000/2/11, Liviu Daia wrote:
>
> > Examples of operations that are not robust with the scheme described
> > by Bennett?
>
> The reason mkstemp() exists is to ensure that the temporary files
> are created with relatively secure (and unlikely to be guessed)
> names, which helps prevent people from exploiting race conditions to
> fill up spools, cause your program to over-write binaries that
> shouldn't, etc....
>
> If you create temporary files and you don't use mkstemp() and you
> don't emulate what mkstemp() does, then by definition, you are not
> creating them securely, and are inviting denial-of-service races,
> etc....

This is only relevant if you're creating them with special privileges in a
directory where an attacker would have write permissions. This isn't relevant
for an MTA queue directory for example. And in any case the major protection
mkstemp offers is _not_ the unpredictability of the filename, it's that it
uses O_CREAT|O_EXCL. This doesn't work on NFS anyways,

-- 
greg

• Next message: Matthias Andree: "Re: User trapped by embedded nroff documentation sources"
• Previous message: Keith Stevenson: "Re: Odd smtpd sig 10s"
• Next in thread: Brad Knowles: "Re: Scalability metrics?"
• Maybe reply: Greg Stark: "Re: Scalability metrics?"
• Reply: Brad Knowles: "Re: Scalability metrics?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]