package rkhunter
reopen 496375
thanks

On Monday, 25 August 2008 at 12:52 +0200, Julien Cristau wrote:
> On Mon, Aug 25, 2008 at 11:09:02 +0200, Julien Valroff wrote:
> 
> > I think rkhunter is safe, given that the script does check that the file
> > in /tmp is a file (and not a symlink) before using it:
> > 
> >         if [ "$1" = "--debug" ]; then
> >                 if [ -e "/tmp/rkhunter-debug" ]; then
> >                         if [ -f "/tmp/rkhunter-debug" -a ! -h "/tmp/rkhunter-debug" ]; then
> >                                 rm -f /tmp/rkhunter-debug >/dev/null 2>&1
> >                         else
> >                                 echo "Cannot use '--debug' option. /tmp/rkhunter-debug already exists, but it is not a file."
> >                                 exit 1
> >                         fi
> >                 fi
> > 
> > Would you please confirm this is ok so that I can close this bug?
> > 
> This isn't ok.  Your script is still vulnerable to a race condition (if
> the symlink is created between when you check for it and when you use
> it).

Thanks for your precision.
I hence re-open the bug.

What can I do to prevent this?
Dmitry suggested using mktemp, but this would only *reduce* the
probability of exploiting this race condition.

Would this be acceptable?

Julien
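
One way to remove the window between the check and the use, as an added example that is not part of this thread or of rkhunter: let `mktemp -d` create a private directory in one atomic step and keep the debug log inside it. The function names, the `rkhunter-debug.XXXXXX` template and the `debug.log` file name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not rkhunter code. Function names, the
# "rkhunter-debug.XXXXXX" template and "debug.log" are assumptions.

# Create a private directory for the debug log and print the log's path.
# $1 (optional): parent directory, defaults to $TMPDIR or /tmp.
create_debug_log() {
    parent=${1:-${TMPDIR:-/tmp}}
    # mktemp -d creates the directory with mode 0700 under an unpredictable
    # name. Creation fails if the name already exists, symlink or not, so
    # there is no separate "check" that can go stale before the "use".
    dir=$(mktemp -d "$parent/rkhunter-debug.XXXXXX") || return 1
    log=$dir/debug.log
    # Only the owner can add entries to $dir, so a fixed name is fine here.
    # umask 077 gives mode 0600; noclobber refuses an already existing file.
    ( umask 077; set -C; : > "$log" ) || return 1
    printf '%s\n' "$log"
}

# Succeeds only if the log is mode 0600 inside a mode 0700 directory.
log_is_private() {
    dmode=$(ls -ld "$(dirname "$1")" | cut -c1-10)
    fmode=$(ls -l "$1" | cut -c1-10)
    [ "$dmode" = "drwx------" ] && [ "$fmode" = "-rw-------" ]
}

# Append one line of debug output to the log.
debug_write() {
    log=$1
    shift
    printf '%s\n' "$*" >> "$log"
}
```

The fixed, predictable name `/tmp/rkhunter-debug` is never opened, so whatever already sits at that path is left untouched.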



