- Subject: Re: os.tmpname security risk?
- From: HyperHacker <hyperhacker@...>
- Date: Wed, 13 Jul 2011 18:25:23 -0600
On Wed, Jul 13, 2011 at 18:17, Steve Litt <firstname.lastname@example.org> wrote:
> On Saturday, July 02, 2011 06:29:52 AM HyperHacker wrote:
>> The 5.1 manual states, for os.tmpname():
>> > On some systems (POSIX), this function also creates a file with
>> > that name, to avoid security risks. (Someone else might create
>> > the file with wrong permissions in the time between getting the
>> > name and creating the file.)
>> But what stops someone from removing that file and creating their
>> own, or changing its permissions? It doesn't seem like this really
>> mitigates the risk at all.
> I think the assumption is you'll use the file very quickly and then
> erase it, making it very hard for someone to switch out the file during
> the short time you'll be using it.
> I rolled my own temp file maker that in my opinion is better than those
> offered by Lua's distribution:
> Be careful -- I think the "%%%" in the error message should be "@@@".
> Good luck.
> Steve Litt
> Recession Relief Package
> Twitter: http://www.twitter.com/stevelitt
True, you usually open the file immediately after creating it, but
that leads to the potential security risk/race condition mentioned in
the first post (and the reason os.tmpname() creates the file for you)
- there is still a small window of opportunity (which an attacker
might have various ways of enlarging) to sneak in and tamper with the
file between the time you create it and the time you open it. (Or
another app creates the same file, overwriting yours during that
window - unlikely, but possible.)
Sent from my toaster.
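
The window discussed in this thread, as an added C example that is not code from either poster or from Lua: keeping the descriptor that `mkstemp()` returns removes the second open-by-name, and when only the name survives (as with `os.tmpname()`), the reopened descriptor can be checked against what was created. The function names and the `/tmp/tmpname_demo_XXXXXX` template are hypothetical, and the `chmod` in `demo()` is a constructed stand-in for tampering.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Preferred: mkstemp() creates the file exclusively with mode 0600 and returns
 * the descriptor, so there is no later open-by-name to race against. */
int tmp_create(char *tmpl, struct stat *created) {
    int fd = mkstemp(tmpl);
    if (fd >= 0 && fstat(fd, created) != 0) { close(fd); return -1; }
    return fd;
}

/* Fallback when only the name was kept: reopen without following symlinks,
 * then fstat() the descriptor actually held and refuse anything that is not
 * the file recorded at creation time. */
int tmp_reopen_checked(const char *path, const struct stat *created) {
    struct stat now;
    int fd = open(path, O_RDWR | O_NOFOLLOW);
    if (fd < 0) return -1;
    if (fstat(fd, &now) != 0 || !S_ISREG(now.st_mode)
        || now.st_dev != created->st_dev || now.st_ino != created->st_ino
        || now.st_uid != geteuid() || now.st_nlink != 1
        || (now.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
        close(fd);                  /* replaced, re-owned, or loosened */
        return -1;
    }
    return fd;
}

/* Constructed scenario: returns 0 when an untouched file is accepted and a
 * file whose permissions changed inside the window is rejected. */
int demo(void) {
    char path[] = "/tmp/tmpname_demo_XXXXXX";   /* hypothetical template */
    struct stat created;
    int fd = tmp_create(path, &created);
    if (fd < 0) return 1;
    close(fd);                      /* only the name is left, as with os.tmpname() */
    int ok = tmp_reopen_checked(path, &created);
    if (ok >= 0) close(ok);
    chmod(path, 0666);              /* stand-in for tampering before reopen */
    int bad = tmp_reopen_checked(path, &created);
    if (bad >= 0) close(bad);
    unlink(path);
    return (ok >= 0 && bad < 0) ? 0 : 2;
}
int main(void) { return demo(); }
```

The inode comparison alone is not sufficient on filesystems that reuse inode numbers after an unlink, which is why the owner, mode and link-count checks sit beside it.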