![[LWN Logo]](/images/lwn.banner.gif)
Date: Mon, 9 Mar 1998 22:07:04 -0500 (EST) From: Greg Alexander <galexand@sietch.bloomington.in.us> To: bugtraq@netspace.org, linux-security@redhat.com Subject: [linux-security] Linux libc5 'bug' in mkstemp(). Pardon me if this is already known -- Theo, at least, had never heard of a Unix doing this. mkstemp() under Linux claims to conform to BSD4.3, but BSDs (FreeBSD and OpenBSD, at least) seem to have a slightly different behavior. Under Linux, new files are created with mode 0666, while under BSDs new files are created with mode 0600. A user need only set his umask to 0 and he will be able to write to temp files created with mkstemp() by suid root programs, unless the suid root programs set their own umask. This is probably not a major problem for any apps, but it's something everyone should note when porting security-sensitive apps to Linux from BSDs (and possibly other platforms). [mod: I disagree with the "not a major problem" part, every breach like this leads to a root hole. -- REW] A quick check shows that mkstemp() is implemented in glibc2.0.7-pre1 using 0666 as well, but that was just from a prefunctory glance at the code -- something may be going on that I didn't notice. Greg Alexander - also <gralexan@indiana.edu> - http://sietch.home.ml.org/ ---- Any sufficiently advanced bug is indistinguishable from a feature. -- Rich Kulawiec -- ---------------------------------------------------------------------- Please refer to the information about this list as well as general information about Linux security at http://www.aoy.com/Linux/Security. ---------------------------------------------------------------------- To unsubscribe: mail -s unsubscribe test-list-request@redhat.com < /dev/null