
gnash: symlink attack

Package(s): gnash
CVE #(s): CVE-2010-4337
Created: March 28, 2011
Updated: March 31, 2011
Description: From the CVE entry:

The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files.

Alerts:
Fedora FEDORA-2011-3662 2011-03-19
Fedora FEDORA-2011-3658 2011-03-19
Debian DSA-2435-1 2012-03-20


Making tempfiles from shell scripts

Posted Mar 31, 2011 9:51 UTC (Thu) by epa (subscriber, #39769)

It's surprising how resilient the /tmp/foo.$$ idiom is, given the known symlink attacks. In their defence, most likely the developers felt that in a mere configure script it didn't matter - but I think we have to accept that it does matter, since drawing a line between code that matters and code that can be insecure would introduce more problems.

Is there a safe way to make temporary files from shell scripts?

Or, for that matter, can the kernel be patched to add a new permission bit for directories 'allow symlinks', it can be turned off for /tmp, and we're rid of this mess? (I guess hard links might still be a problem though)

Making tempfiles from shell scripts

Posted Mar 31, 2011 22:50 UTC (Thu) by jrn (subscriber, #64214)

> Is there a safe way to make temporary files from shell scripts?

mktemp -d?
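
An added example, not part of the comments above or of the gnash sources: it contrasts the predictable `/tmp/foo.$$` naming from the CVE entry with a private directory created by `mktemp -d`. The function names, the sandbox directory that stands in for `/tmp`, and the `gnash-configure.XXXXXX` template are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example; not from the gnash configure script or the comments above.
# A private sandbox stands in for /tmp, so nothing outside it is touched.

# Idiom named in the CVE: a predictable, PID-based name. A plain redirection
# follows whatever already sits at that path, symlinks included.
unsafe_log() {    # $1 = directory, $2 = message
    printf '%s\n' "$2" > "$1/gnash-configure-errors.$$"
}

# mktemp -d creates a new mode-0700 directory with an unpredictable name and
# fails rather than reusing an existing path; files inside it are private.
safe_logdir() {   # $1 = parent directory; prints the new directory
    d=$(mktemp -d "$1/gnash-configure.XXXXXX") || return 1
    : > "$d/errors" && : > "$d/warnings" && : > "$d/recommended" || return 1
    printf '%s\n' "$d"
}

demo() {
    sandbox=$(mktemp -d) || return 1
    victim="$sandbox/victim.txt"
    printf 'important\n' > "$victim"

    # Constructed precondition: a link already occupies the predictable name.
    ln -s "$victim" "$sandbox/gnash-configure-errors.$$"
    unsafe_log "$sandbox" 'configure: error'
    unsafe_result=$(cat "$victim")            # clobbered through the link

    printf 'important\n' > "$victim"
    logdir=$(safe_logdir "$sandbox") || return 1
    printf 'configure: error\n' >> "$logdir/errors"
    safe_result=$(cat "$victim")              # still the original content
    logdir_mode=$(ls -ld "$logdir" | cut -c1-10)
    rm -rf "$sandbox"
}

demo && printf 'predictable name: %s\nmktemp -d: %s (%s)\n' \
    "$unsafe_result" "$safe_result" "$logdir_mode"
```

In a real script, the directory returned by `mktemp -d` would normally be removed from a `trap ... EXIT` handler so it is cleaned up on error paths as well.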

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds