May I ask what the grep(1) pattern was?
--
========================================================
Leon Kaiser - Head of GNAA Public Relations -
litera...@gnaa.eu || litera...@goatse.fr
http://gnaa.eu || http://security.goatse.fr
7BEECD8D FCBED526 F7960173 459111CE F01F9923
"The mask of anonymity is not intensely constructive."
-- Andrew "weev" Auernheimer
========================================================
On Sat, 2011-10-22 at 07:54 -0400, b...@fbi.dhs.org wrote:
> I apologize as my search wasn't a complex method, just a quick grep for
> signs of /tmp misuse. Indeed creating a directory under /tmp is a safeway
> to handle tmp files.
>
> > b...@fbi.dhs.org wrote:
> >>
> >> bashbug:
> >>
> >> /usr/bin/bashbug:TEMPDIR=$TMPDIR/bbug.$$
> >>
> >> Maybe I should use bashbug to report a bug in bashbug?
> >>
> >
> > I took a quick look, it's actually using mkdir to create a temporary
> > directory in /tmp, which it uses for collecting support files.
> >
> > This is actually a safe way to use /tmp, assuming you check the return
> > code
> > of mkdir (which it does). The mkdir() system call behaves very differently
> > to open(), and is not vulnerable to these attacks.
> >
> > Tavis.
> >
> > --
> > -------------------------------------
> > tav...@cmpxchg8b.com | pgp encrypted mail preferred
> > -------------------------------------------------------
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
