[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: os.tmpname security risk?
- From: Steve Litt <slitt@...>
- Date: Wed, 13 Jul 2011 21:47:30 -0400
On Wednesday, July 13, 2011 08:34:15 PM Patrick Donnelly wrote:
> On Wed, Jul 13, 2011 at 8:17 PM, Steve Litt
<slitt@troubleshooters.com> wrote:
> > On Saturday, July 02, 2011 06:29:52 AM HyperHacker wrote:
> >> The 5.1 manual states, for os.tmpname():
> >> > On some systems (POSIX), this function also creates a file
> >> > with that name, to avoid security risks. (Someone else might
> >> > create the file with wrong permissions in the time between
> >> > getting the name and creating the file.)
> >>
> >> But what stops someone from removing that file and creating
> >> their own, or changing its permissions? It doesn't seem like
> >> this really mitigates the risk at all.
> >
> > I think the assumption is you'll use the file very quickly and
> > then erase it, making it very hard for someone to switch out the
> > file during the short time you'll be using it.
> >
> > I rolled my own temp file maker that in my opinion is better than
> > those offered by Lua's distribution:
> >
> > http://www.troubleshooters.com/codecorn/lua/luaos.htm#_Temporary_
> > Files
> >
> > Be careful -- I think the "%%%" in the error message should be
> > "@@@".
>
> Your file maker is not better. There is a race condition between
> the test to check for the existence of the desired file and the
> opening of the file for writing (which creates it).
>
> This is why Lua and everyone else uses mkstemp [1].
>
> [1]
> http://pubs.opengroup.org/onlinepubs/009695399/functions/mkstemp.h
> tml
Cool! Where's the documentation on the Lua implementation of
mkstemp()?
Thanks
SteveT
Steve Litt
Author: The Key to Everyday Excellence
http://www.troubleshooters.com/bookstore/key_excellence.htm
Twitter: http://www.twitter.com/stevelitt