[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Warnings and potential security problem in compilation of Lua5.0-alpha
- From: lua+Steven.Murdoch@...
- Date: Thu, 05 Dec 2002 14:57:31 +0000
> > I think this is connected to the security problems of the tmpnam function
> in
> > file lua-5.0-alpha/src/lib/liolib.c, line 440.
> (http://www.suse.com/us/private/
> > support/howto/secprog/secprog3.html#tmpf). It would be a very good idea to
> > switch to mkstemp, or if this is non-standard, at least allow it as an
> > compile-time option.
>
> I think this is more connected to the danger of tmpname potentially
> returning a name that already exists from a second application calling
> tmpname at the same time.
The chances of either of these happening is very low, the main problem with
tmpnam (and hence os.tmpname) is of another malicious user creating temporary
files in between the name being generated and the file being opened.
> io.tmpfile was added as an alternative solution to this problem.
io.tmpfile uses tmpfile, which is stated to be also insecure in:
http://www.suse.com/us/private/support/howto/secprog/secprog3.html#tmpf
However unlike tmpnam there is nothing in the manpages to indicate this so
perhaps it has been fixed. Probably a more definitive answer should be found,
otherwise mkstemp should be be used where available.
If os.tmpfile must remain in the os library and uses tmpnam then the
documentation should state that is is insecure and its use should be strongly
discouraged. The current documentation does mention that there can be
problems, but nothing about it being insecure.
Personally, given that the API is changing anyway, I think this might be a
good time to remove this function, there are more than enough security bugs
out there cased by the use of tmpnam already :-)
Steven Murdoch.
