Re: os.tmpname security risk?

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: os.tmpname security risk?
From: Steve Litt <slitt@...>
Date: Wed, 13 Jul 2011 21:33:40 -0400

On Wednesday, July 13, 2011 08:25:23 PM HyperHacker wrote:
> On Wed, Jul 13, 2011 at 18:17, Steve Litt 
<slitt@troubleshooters.com> wrote:
> > On Saturday, July 02, 2011 06:29:52 AM HyperHacker wrote:
> >> The 5.1 manual states, for os.tmpname():
> >> > On some systems (POSIX), this function also creates a file
> >> > with that name, to avoid security risks. (Someone else might
> >> > create the file with wrong permissions in the time between
> >> > getting the name and creating the file.)
> >> 
> >> But what stops someone from removing that file and creating
> >> their own, or changing its permissions? It doesn't seem like
> >> this really mitigates the risk at all.
> > 
> > I think the assumption is you'll use the file very quickly and
> > then erase it, making it very hard for someone to switch out the
> > file during the short time you'll be using it.
> > 
> > I rolled my own temp file maker that in my opinion is better than
> > those offered by Lua's distribution:
> > 
> > http://www.troubleshooters.com/codecorn/lua/luaos.htm#_Temporary_
> > Files
> > 
> > Be careful -- I think the "%%%" in the error message should be
> > "@@@".
> > 
> > Good luck.
> > 
> > SteveT
> > 
> > 
> > --
> > Steve Litt
> > Recession Relief Package
> > http://www.recession-relief.US
> > Twitter: http://www.twitter.com/stevelitt
> 
> True, you usually open the file immediately after creating it, but
> that leads to the potential security risk/race condition mentioned
> in the first post (and the reason os.tmpname() creates the file
> for you) - there is still a small window of opportunity (which an
> attacker might have various ways of enlarging) to sneak in and
> tamper with the file between the time you create it and the time
> you open it. (Or another app creates the same file, overwriting
> yours during that window - unlikely, but possible.)

If it's a problem having to wait between making up a number, seeing if 
it exists, and opening it for write, then what I would do (I'm on 
Linux) is write the thing in C and call it from Lua. C has a great 
mktemp(), as I remember.

Nothing I currently have justifies that level of effort, but if you're 
looking for foolproof all the way down to the operating system, that's 
it.

StevET

Steve Litt
Recession Relief Package
http://www.recession-relief.US
Twitter: http://www.twitter.com/stevelitt

References:
- os.tmpname security risk?, HyperHacker
- Re: os.tmpname security risk?, Steve Litt
- Re: os.tmpname security risk?, HyperHacker

Prev by Date: Forward declaration of a table and (closure) function
Next by Date: Re: Forward declaration of a table and (closure) function
Previous by thread: Re: os.tmpname security risk?
Next by thread: Re: os.tmpname security risk?
Index(es):
- Date
- Thread