Mike Kershaw wrote:
>> Thanks for the pointers on security; I hadn't considered the
>> implications of temporary files.
> Nope - that's only the "less bad" security problem... A user with write
> privs to your tmp dir, who knows you're writing to file 'foo', can screw
> up any file the user you run the script as has permission to. (At the
> least: break, depending on the script, manipulate).
>
> ln -s /etc/passwd /tmp/foo
>
> next time your script runs as root, you no longer have a working login
> :P (Or working libc, or whatever else.)

Thanks, Mike! That's "Attack #2" on the link Michael Muller gave. It took me a moment to figure it out, but I see what could happen.

So... what can I do about it? ATM my script uses 'mktemp' with no arguments, e.g. "TMP1=$(mktemp)". Should I create my own temporary files in some other location? What are some better ways, besides never using temporary files ever?

I'll just add that this particular script doesn't do anything critical or particularly confidential, and is /meant/ to be run by an ordinary user. Apart from the temporary files, it only needs to write to one user-selected directory. Is it worth putting in a "Are you sure?" if `whoami`=="root"? What would you, or anyone else here, suggest?

Thanks!
Adam
_______________________________________________
Mid-Hudson Valley Linux Users Group http://mhvlug.org
http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug

Upcoming Meetings (6pm - 8pm) MHVLS Auditorium
Sep 3 - Porkchop - The Areas of My Expertise
Oct 1 - Ubikeys
Oct 4 - Linux Fest
Nov 5 - Releasing Open Source Software
Dec 3 - TBD
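
Added example, not part of the original thread: the planted-symlink problem from the quoted message next to the mktemp approach the reply already uses, run entirely inside a throwaway sandbox. The names sandbox, victim and shared and all helper functions are constructed for illustration; victim stands in for a file such as the one named in the quoted ln command.

```shell
#!/bin/sh
# Constructed sandbox: "victim" stands in for a file the script's user can
# write; "shared" stands in for a temp directory other users can write to.
setup() {
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/shared"
    echo "important" > "$sandbox/victim"
    # The planted link from the quoted message, pointed at the stand-in file.
    ln -s "$sandbox/victim" "$sandbox/shared/foo"
}

# Fixed, guessable name: '>' opens whatever the path resolves to, so the
# write goes through the link and truncates the victim.
write_predictable() {
    echo "scratch data" > "$sandbox/shared/foo"
}

# mktemp picks a random name and creates the file exclusively with mode
# 0600, so an existing file or link is never opened in its place.
write_mktemp() {
    tmp=$(mktemp "$sandbox/shared/foo.XXXXXXXXXX") || return 1
    echo "scratch data" > "$tmp"
}

# Prints the victim's content after running writer $1 in a fresh sandbox.
victim_after() {
    setup || return 1
    "$1"
    cat "$sandbox/victim"
    rm -rf "$sandbox"
}

# The root check the message asks about; id -u is the POSIX way to get the
# effective user id.
running_as_root() { [ "$(id -u)" -eq 0 ]; }

echo "predictable name -> victim now: $(victim_after write_predictable)"
echo "mktemp           -> victim now: $(victim_after write_mktemp)"
if running_as_root; then
    echo "running as root: a script meant for ordinary users would stop here"
fi
```

mktemp with no arguments, as in "TMP1=$(mktemp)", gets the same exclusive creation under $TMPDIR or /tmp. On Linux, the fs.protected_symlinks sysctl additionally refuses to follow a link in a sticky world-writable directory when the link's owner differs from both the follower and the directory owner.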
