- Subject: Re: os.tmpname security risk?
- From: "Drake Wilson" <drake@...>
- Date: Sat, 02 Jul 2011 03:47:51 -0700

On Sat, 02 Jul 2011 04:29 -0600, "HyperHacker" <hyperhacker@gmail.com> wrote:
> The 5.1 manual states, for os.tmpname():
> > On some systems (POSIX), this function also creates a file with that name, to avoid security risks. (Someone else might create the file with wrong permissions in the time between getting the name and creating the file.)
> But what stops someone from removing that file and creating their own,
> or changing its permissions? It doesn't seem like this really
> mitigates the risk at all.

On a stock modern Unixlike system? The permissions on /tmp, usually.
Another user is not permitted to remove your file, since /tmp is a
sticky (owner-remove-only) directory, nor change its mode, since ey
doesn't own the file.

Another process running as the same user is generally considered in
the same security domain and can meddle with the running program in
much deeper ways, if it's malicious; accidentally stomping on your
tempfile would mainly happen if the other program is particularly
bad about such things anyway.

---> Drake Wilson
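
The two conditions the reply above relies on (a sticky or non-shared temp directory, and a temp file owned by the creating user) can be checked before trusting a temp file. This is an added example, not part of the original message; the function names are hypothetical, and Python's `tempfile.mkstemp` stands in for whatever creates the file.

```python
import os
import stat
import tempfile


def dir_protects_entries(path):
    """True if other users cannot remove or rename entries in `path`."""
    st = os.stat(path)
    if not stat.S_ISDIR(st.st_mode):
        raise NotADirectoryError(path)
    shared = bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))
    sticky = bool(st.st_mode & stat.S_ISVTX)
    # In a sticky directory the directory's owner may still remove entries,
    # so the directory itself has to belong to root or to us.
    trusted_owner = st.st_uid in (0, os.geteuid())
    return trusted_owner and (sticky or not shared)


def file_is_private(fd):
    """True if the open file is ours and group/other cannot write to it."""
    st = os.fstat(fd)
    writable_by_others = bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))
    return st.st_uid == os.geteuid() and not writable_by_others


def check_tempfile(directory):
    """Create a temp file in `directory`, report both conditions, clean up."""
    # mkstemp opens with O_CREAT|O_EXCL and mode 0600, so the name cannot
    # already exist and nobody else can chmod the result.
    fd, path = tempfile.mkstemp(dir=directory)
    try:
        return {
            "dir_protected": dir_protects_entries(directory),
            "file_private": file_is_private(fd),
            "mode": oct(stat.S_IMODE(os.fstat(fd).st_mode)),
        }
    finally:
        os.close(fd)
        os.unlink(path)


if __name__ == "__main__":
    print(check_tempfile(tempfile.gettempdir()))
```

A `dir_protected` value of False means the directory is writable by others without the sticky bit, which is the case where the removal-and-replacement concern in the quoted question does apply.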