Holger Levsen wrote:
> Sven, please ignore Nico's tone and have a look at
> http://en.wikipedia.org/wiki/Symlink_race :-)

I would not recommend considering this wikipedia page an authoritative reference for what can and cannot be used for symlink attacks.

In particular, choosing a random filename and otherwise still writing to the file insecurely does not solve a symlink attack security hole, it just makes it N times more difficult for an attacker to successfully perform the attack. Where N is an arbitrary measure of how hard it is to guess the filename. For example, if I choose a random filename /tmp/foo.X, N is approximately 62 (a-z, A-Z, 0-9). A more typical /tmp/foo.XXXXXX obviously has a much higher value of N, but if the attack can be performed frequently enough or for a long enough time period, the hole is still possible to exploit.

It's much simpler and better to simply use security best practices that avoid such attacks altogether. For example, make sure that temp files are opened with O_EXCL and symlink attacks become impossible. Never using mode 777 directories, and at least using +t on shared temporary directories such as /tmp is another such best practice that avoids a whole class of security problems.

-- 
see shy jo
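The two practices recommended in the mail above, as an added worked example that is not code from the original mail or from any of the participants: O_CREAT|O_EXCL (which is what mkstemp() uses internally) refuses to follow a symlink that an attacker has planted at a predictable name, and a shared temporary directory that is writable by others should carry the sticky bit. The directory names, the "foo" prefix and the planted-symlink scenario are constructed for the demo; everything runs in a private scratch directory created with mkdtemp().

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Check the property the mail asks of shared temp dirs: a directory that is
 * writable by group or others must have the sticky bit (+t), so users can
 * only unlink or rename their own entries.  Returns 1 if acceptable, 0 if it
 * is a group/world-writable directory without +t, -1 if stat() fails. */
int shared_dir_is_sticky(const char *dir) {
    struct stat st;
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode)) return -1;
    int writable_by_others = (st.st_mode & (S_IWGRP | S_IWOTH)) != 0;
    if (!writable_by_others) return 1;          /* private dir: nothing to enforce */
    return (st.st_mode & S_ISVTX) ? 1 : 0;
}

/* Create and open a fresh temp file under dir the safe way.  mkstemp() picks
 * the random suffix AND opens with O_CREAT|O_EXCL, so an existing entry at the
 * chosen name (a symlink included) makes it pick another name instead of
 * following the link.  Returns the fd; the final path is left in path_out. */
int open_private_tmpfile(const char *dir, char *path_out, size_t len) {
    if (snprintf(path_out, len, "%s/foo.XXXXXX", dir) >= (int)len) return -1;
    int fd = mkstemp(path_out);     /* modern libcs already use mode 0600 */
    if (fd == -1) return -1;
    fchmod(fd, 0600);               /* belt and braces for older libcs */
    return fd;
}

/* Constructed demo of the race described in the mail: a symlink has already
 * been planted at the predictable name before we create the file.  Returns 1
 * if open() with O_CREAT|O_EXCL refuses it with EEXIST while plain O_CREAT
 * would have followed the link and created the target, 0 or -1 otherwise. */
int excl_refuses_planted_symlink(void) {
    char dir[] = "/tmp/symlink-demo.XXXXXX";   /* private scratch dir, mode 0700 */
    if (mkdtemp(dir) == NULL) return -1;
    char victim[256], target[256];
    snprintf(victim, sizeof victim, "%s/foo.tmp", dir);     /* predictable name */
    snprintf(target, sizeof target, "%s/elsewhere", dir);   /* where the link points */
    if (symlink(target, victim) != 0) return -1;

    /* secure variant: O_EXCL fails on any existing entry, link or not */
    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    int refused = (fd == -1 && errno == EEXIST);
    if (fd != -1) close(fd);

    /* insecure variant: O_CREAT alone follows the dangling link and creates target */
    int fd2 = open(victim, O_WRONLY | O_CREAT, 0600);
    int followed = (fd2 != -1 && access(target, F_OK) == 0);
    if (fd2 != -1) close(fd2);

    unlink(target); unlink(victim); rmdir(dir);
    return refused && followed;
}

int main(void) {
    char path[256];
    printf("/tmp sticky check: %d\n", shared_dir_is_sticky("/tmp"));
    printf("O_EXCL refuses planted symlink: %d\n", excl_refuses_planted_symlink());
    int fd = open_private_tmpfile("/tmp", path, sizeof path);
    if (fd != -1) { printf("created %s\n", path); close(fd); unlink(path); }
    return 0;
}
```

Note that the random suffix in open_private_tmpfile() is only a convenience against name collisions; the security property comes entirely from O_EXCL, which is why the planted-symlink demo uses a fixed, fully predictable name and still cannot be tricked.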