[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

temp file hole?

From: Stefan Monnier
Subject: temp file hole?
Date: Wed, 03 Oct 2007 19:38:27 -0400
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/23.0.50 (gnu/linux)

I'm afraid that the recent change to tramp-make-temp-file to use
makw-temp-name instead of make-temp-file introduced a security hole (the
very hole plugged by the introduction of make-temp-file in the first place).

I.e. if you want to keep using make-temp-name, please justify with comments
why your code is not vulnerable to the usual temp-file race condition
which goes something like:
1- Tramp decides to use /tmp/foo1234 as temp file.
2- some attacker creates a symlink from /tmp/foo1234 to some interesting place.
3- Tramp writes to /tmp/foo1234 without realizing that it's actually writing
   to the interesting place through that symlink.

The make-temp-name docstring also says:

   There is a race condition between calling `make-temp-name' and creating the
   file which opens all kinds of security holes.  For that reason, you should
   probably use `make-temp-file' instead, except in three circumstances:
   * If you are creating the file in the user's home directory.
   * If you are creating a directory rather than an ordinary file.
   * If you are taking special precautions as `make-temp-file' does.

-- Stefan

reply via email to

[Prev in Thread] Current Thread [Next in Thread]