<<< Date Index >>>     <<< Thread Index >>>

Re: security problem with temp files [was Re: mutt_adv_mktemp() ?]



On Wed, Oct 04, 2006 at 06:16:19PM -0400, Derek Martin wrote:
> This is easy to demonstrate, using the attached program.  

Oops, forgot to attach the code.  Not that it was anything
mind-boggling... but this time attached.  :)

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail.  Sorry for the inconvenience.  Thank the spammers.

#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>

int main(int argc, char **argv){

        FILE *foo;
        char *fnam="/tmp/mutt-host-uid-pid-counter";

        umask(077);
        printf("%s\n", fnam);
        sleep(30);
        foo = fopen(fnam, "w+");
        fprintf(foo, "test\n");
        fclose(foo);
        return(0);
}

Attachment: pgpR8TVkThX2U.pgp
Description: PGP signature