May I ask what the grep(1) pattern was?

--
========================================================
Leon Kaiser - Head of GNAA Public Relations -
litera...@gnaa.eu || litera...@goatse.fr
http://gnaa.eu || http://security.goatse.fr
7BEECD8D FCBED526 F7960173 459111CE F01F9923
"The mask of anonymity is not intensely constructive."
-- Andrew "weev" Auernheimer
========================================================

On Sat, 2011-10-22 at 07:54 -0400, b...@fbi.dhs.org wrote:
> I apologize as my search wasn't a complex method, just a quick grep for
> signs of /tmp misuse. Indeed creating a directory under /tmp is a safe way
> to handle tmp files.
>
> > b...@fbi.dhs.org wrote:
> >>
> >> bashbug:
> >>
> >> /usr/bin/bashbug:TEMPDIR=$TMPDIR/bbug.$$
> >>
> >> Maybe I should use bashbug to report a bug in bashbug?
> >>
> >
> > I took a quick look, it's actually using mkdir to create a temporary
> > directory in /tmp, which it uses for collecting support files.
> >
> > This is actually a safe way to use /tmp, assuming you check the return
> > code of mkdir (which it does). The mkdir() system call behaves very
> > differently to open(), and is not vulnerable to these attacks.
> >
> > Tavis.
> >
> > --
> > -------------------------------------
> > tav...@cmpxchg8b.com | pgp encrypted mail preferred
> > -------------------------------------------------------
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
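
The difference Tavis describes between mkdir() and open(), as an added example that is not part of the original thread and is not bashbug's code: the script creates a `bbug.$$`-style directory with a checked mkdir, and compares that with plain shell redirection when the name already exists as a symlink. The function names, the scratch directory (used instead of the real /tmp) and the file names are constructed for the demo.

```shell
#!/bin/sh
# Added example; every name and path below is constructed for the demo.

# make_private_dir BASE PREFIX: create BASE/PREFIX.$$ with mkdir and check
# its return code, the pattern the thread calls safe. Prints the path.
make_private_dir() {
    dir="$1/$2.$$"
    # umask 077 in a subshell so the directory is created mode 0700.
    if (umask 077 && mkdir "$dir") 2>/dev/null; then
        printf '%s\n' "$dir"
        return 0
    fi
    # mkdir(2) fails with EEXIST for ANY existing name, including a symlink
    # (dangling or not); it never follows the final path component.
    return 1
}

# demo: run both patterns against a name that already exists as a symlink,
# inside a private scratch directory rather than the shared /tmp.
demo() {
    scratch=$(mktemp -d) || return 2
    target="$scratch/owned-file"          # stands in for a file the user owns
    : > "$target"
    ln -s "$target" "$scratch/bbug.$$"    # the predictable name is already taken

    # Pattern 1: redirection is open() without O_EXCL, so it follows the link
    # and the data lands in the link's target.
    echo "report data" > "$scratch/bbug.$$"
    [ -s "$target" ] && followed=yes || followed=no

    # Pattern 2: checked mkdir refuses the existing name instead of using it.
    if make_private_dir "$scratch" bbug >/dev/null; then refused=no; else refused=yes; fi

    # Control: an unused name succeeds and yields a real directory.
    fresh=$(make_private_dir "$scratch" fresh) || fresh=""
    [ -d "$fresh" ] && [ ! -L "$fresh" ] && created=yes || created=no

    rm -rf "$scratch"
    echo "redirect_followed_symlink=$followed mkdir_refused=$refused fresh_dir_created=$created"
}

demo
```

The safety comes from the return-code check: a script that ignores a failed mkdir and goes on to write into the path gets none of this protection.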