Re: security problem with temp files [was Re: mutt_adv_mktemp() ?]

To: mutt-dev@xxxxxxxx
Subject: Re: security problem with temp files [was Re: mutt_adv_mktemp() ?]
From: Thomas Roessler <roessler@xxxxxxxxxxxxxxxxxx>
Date: Wed, 4 Oct 2006 22:58:40 +0200
In-reply-to: <20061004203929.GB19527@xxxxxxxxxxxxx>
Mail-followup-to: mutt-dev@xxxxxxxx
References: <20061003204656.GG13301@xxxxxxx> <20061004074534.GA21588@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <20061004142652.GB619@xxxxxxxxxxxxx> <20061004144919.GA2512@robert> <20061004153643.GF619@xxxxxxxxxxxxx> <20061003204656.GG13301@xxxxxxx> <20061004074534.GA21588@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <20061004142652.GB619@xxxxxxxxxxxxx> <20061004151926.GE619@xxxxxxxxxxxxx> <20061004203929.GB19527@xxxxxxxxxxxxx>
User-agent: Mutt/1.5.13 (2006-09-01)

On 2006-10-04 16:39:29 -0400, Derek Martin wrote:

> It would seem that Mutt's temp file creation mechanisms all
> suffer from a potentially exploitable race condition.  Actually
> there are two: one in functions that call safe_open(), which only
> affects users creating temp files on NFS file systems (due to the
> O_EXCL problem), and one in functions that make use of
> safe_fopen(), because the resulting file is not adequately
> checked to determine if other users can modify it before it is
> written to.

Well, umask (077) is one of the first things mutt does, so the
second problem looks like a non-issue to me.  (I.e., other users
can't modify the temporary file unless the owner deliberately
changed the permissions.  Oh well.)

I'll admit that my memory of NFS subtleties is getting rusty at this
point.  Mind to elaborate on what safe_open ought to do besides the
check of comparing fstat and lstat results?

-- 
Thomas Roessler   <roessler@xxxxxxxxxxxxxxxxxx>

Follow-Ups:
- Re: security problem with temp files [was Re: mutt_adv_mktemp() ?]
  - From: Derek Martin

References:
- mutt_adv_mktemp() ?
  - From: Pawel S. Veselov
- Re: mutt_adv_mktemp() ?
  - From: Rocco Rutte
- Re: mutt_adv_mktemp() ?
  - From: Kyle Wheeler
- Re: mutt_adv_mktemp() ?
  - From: Rocco Rutte
- Re: mutt_adv_mktemp() ?
  - From: Kyle Wheeler
- Re: mutt_adv_mktemp() ?
  - From: Kyle Wheeler
- security problem with temp files [was Re: mutt_adv_mktemp() ?]
  - From: Derek Martin

Prev by Date: possible missing include in 1.5.13
Next by Date: Re: mutt_adv_mktemp() ?
Previous by thread: security problem with temp files [was Re: mutt_adv_mktemp() ?]
Next by thread: Re: security problem with temp files [was Re: mutt_adv_mktemp() ?]
Index(es):
- Date
- Thread