
Re: security problem with temp files [was Re: mutt_adv_mktemp() ?]



On 2006-10-04 16:39:29 -0400, Derek Martin wrote:

> It would seem that Mutt's temp file creation mechanisms all
> suffer from a potentially exploitable race condition.  Actually
> there are two: one in functions that call safe_open(), which only
> affects users creating temp files on NFS file systems (due to the
> O_EXCL problem), and one in functions that make use of
> safe_fopen(), because the resulting file is not adequately
> checked to determine if other users can modify it before it is
> written to.

Well, umask (077) is one of the first things mutt does, so the
second problem looks like a non-issue to me.  (I.e., other users
can't modify the temporary file unless the owner deliberately
changed the permissions.  Oh well.)

I'll admit that my memory of NFS subtleties is getting rusty at this
point.  Care to elaborate on what safe_open ought to do besides the
check of comparing fstat and lstat results?

-- 
Thomas Roessler   <roessler@xxxxxxxxxxxxxxxxxx>
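
The check mentioned in the message above (exclusive create, then comparing the lstat and fstat results), written out as an added example; this is not Mutt's code and not part of the original message. The names open_excl_checked() and compare_stat() and the /tmp scratch path are hypothetical, and the example covers only the local-filesystem case, not the NFS O_EXCL problem raised in the quoted text.

```c
#define _XOPEN_SOURCE 700   /* for lstat() and mkdtemp() declarations */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: return 0 only if both results describe the same
 * regular, singly linked file, owned by us, with no group/other access. */
static int compare_stat(const struct stat *l, const struct stat *f)
{
    if (l->st_dev != f->st_dev || l->st_ino != f->st_ino)
        return -1;                  /* the name no longer refers to our fd */
    if (!S_ISREG(l->st_mode) || !S_ISREG(f->st_mode))
        return -1;                  /* symlink, FIFO, device, ... */
    if (f->st_nlink != 1 || f->st_uid != geteuid())
        return -1;                  /* hard-linked, or someone else's file */
    if (f->st_mode & (S_IRWXG | S_IRWXO))
        return -1;                  /* group or others have access bits */
    return 0;
}

/* Hypothetical wrapper: create path exclusively, then verify what we got.
 * Returns a descriptor, or -1 with errno set. */
int open_excl_checked(const char *path)
{
    struct stat lsb, fsb;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;                  /* EEXIST: name (or symlink) already there */
    if (lstat(path, &lsb) < 0 || fstat(fd, &fsb) < 0 ||
        compare_stat(&lsb, &fsb) < 0) {
        close(fd);
        errno = EACCES;
        return -1;
    }
    return fd;
}

int main(void)
{
    char dir[] = "/tmp/excl_demo_XXXXXX";   /* constructed scratch directory */
    char path[64];
    if (!mkdtemp(dir)) return 1;
    snprintf(path, sizeof path, "%s/msg", dir);
    int fd = open_excl_checked(path);
    int again = open_excl_checked(path);    /* must fail: name now exists */
    printf("first: %s, second: %s\n", fd >= 0 ? "created" : "refused", again < 0 ? "refused" : "created");
    return (fd >= 0 && again < 0) ? 0 : 1;
}
```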