Menu

#44 Some scripts appear to be using temporary files insecurely

release 1.1.1
open
nobody
None
5
2011-05-11
2011-05-11
Daniele Tricoli
No

Hello,
few scripts appear to be using temporary files insecurely:

$ grep -r -E '[^a-z]/tmp/.*$$' .
./doc/cheatsheets/making_a_release: $ ./make_release 1.0.3 > /tmp/make_release.out 2>&1 &
./doc/cheatsheets/making_a_release: $ tail -f /tmp/make_release.out
./doc/cheatsheets/web.upload:./make_doc_tarball /tmp/pyke.html.tar
./doc/cheatsheets/web.upload:scp /tmp/pyke.html.tar mtnyogi@web.sourceforge.net:
./doc/cheatsheets/web.upload:rm /tmp/pyke.html.tar
./doc/source/bin/make_sitemap:STATUS_FILE=/tmp/make_sitemap.$$
./doc/source/bin/add_links:TMP_FILE=/tmp/add_links.$$
./make_release:TMPFILE=/tmp/make_release.$$
./testpyke:TMP1=/tmp/testpyke1.$$
./testpyke:TMP2=/tmp/testpyke2.$$
./testpyke:TMP3=/tmp/testpyke3.$$

These files have predictable names, which can be exploited by an
attacker to overwrite arbitrary files or cause other kind of DoS.

The problem can be avoided using mktemp.

Kind regards,
Daniele Tricoli

Discussion

  • Daniele Tricoli

    Daniele Tricoli - 2011-05-11

    Using mktemp in add_links script

     
    02_fix-insecure-temporary-file-use.patch

  • Daniele Tricoli

    Daniele Tricoli - 2011-05-11

    I have attached a patch for add_links script.

     

Log in to post a comment.

MongoDB Logo MongoDB