[Guido] > Every few months I receive patches that purport to make the tempfile > module more secure. I've never felt that it is a problem. What is > with these people? [Tim] > Doing a google search on > > tempfile security > > turns up hundreds of rants. Have fun <wink>. There does appear to be a > real vulnerability here somewhere (not necessarily Python), but the closest > I found to a clear explanation in 10 minutes was an annoyed paragraph, > saying that if I didn't already understand the problem I should turn in my > Unix Security Expert badge immediately. Unfortunately, Bill Gates never > issued one of those to me. On <http://www.insecure.org/sploits/gcc.tmpfiles.html> you can find a working example which exploits this vulnerability in older versions of GCC. The basic idea is indeed very simple: Since the /tmp directory is writable for any user, the bad guy can create a symbolic link in /tmp pointing to some arbitrary file (e.g. to /etc/passwd). The attacked program will than overwrite this arbitrary file (where the programmer really wanted to write something to his tempfile instead). Since this will happen with the access permissions of the process running this program, this opens a bunch of vulnerabilities in many programs writing something into temporary files with predictable file names. www.cert.org is another great place to look for security related info. Regards, Peter -- Peter Funk, Oldenburger Str.86, D-27777 Ganderkesee, Germany, Fax:+49 4222950260 office: +49 421 20419-0 (ArtCom GmbH, Grazer Str.8, D-28359 Bremen)
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4