- Subject: Re: os.tmpname security risk?
- From: Patrick Donnelly <batrick@...>
- Date: Wed, 13 Jul 2011 21:54:44 -0400
On Wed, Jul 13, 2011 at 9:47 PM, Steve Litt <slitt@troubleshooters.com> wrote:
> On Wednesday, July 13, 2011 08:34:15 PM Patrick Donnelly wrote:
>> On Wed, Jul 13, 2011 at 8:17 PM, Steve Litt <slitt@troubleshooters.com> wrote:
>> > On Saturday, July 02, 2011 06:29:52 AM HyperHacker wrote:
>> >> The 5.1 manual states, for os.tmpname():
>> >> > On some systems (POSIX), this function also creates a file
>> >> > with that name, to avoid security risks. (Someone else might
>> >> > create the file with wrong permissions in the time between
>> >> > getting the name and creating the file.)
>> >>
>> >> But what stops someone from removing that file and creating
>> >> their own, or changing its permissions? It doesn't seem like
>> >> this really mitigates the risk at all.
>> >
>> > I think the assumption is you'll use the file very quickly and
>> > then erase it, making it very hard for someone to switch out the
>> > file during the short time you'll be using it.
>> >
>> > I rolled my own temp file maker that in my opinion is better than
>> > those offered by Lua's distribution:
>> >
>> > http://www.troubleshooters.com/codecorn/lua/luaos.htm#_Temporary_Files
>> >
>> > Be careful -- I think the "%%%" in the error message should be
>> > "@@@".
>>
>> Your file maker is not better. There is a race condition between
>> the test to check for the existence of the desired file and the
>> opening of the file for writing (which creates it).
>>
>> This is why Lua and everyone else uses mkstemp [1].
>>
>> [1] http://pubs.opengroup.org/onlinepubs/009695399/functions/mkstemp.html
>
> Cool! Where's the documentation on the Lua implementation of
> mkstemp()?

os.tmpname uses mkstemp. Look at the source.
--
- Patrick Donnelly
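
The race described in this message, between testing for a file and opening it, shown next to the atomic alternative. This is an added example, not code from the thread, from Steve Litt's page or from the Lua source. The function names and paths are hypothetical, `plant()` stands in for another process, and `open()` with `O_CREAT | O_TRUNC` stands in for the `fopen(name, "w")` behind a plain open-for-writing.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Stand-in for another process winning the race: creates the name first. */
static ino_t plant(const char *path) {
    struct stat st = {0};
    int fd = open(path, O_CREAT | O_WRONLY, 0666);
    if (fd >= 0) { fstat(fd, &st); close(fd); }
    return st.st_ino;
}

/* Returns 1 if we end up holding the other party's file, 0 if the open
 * refused it with EEXIST, -1 on any other error. */
int holds_planted_file(const char *path, int atomic) {
    struct stat st = {0};
    if (!atomic && access(path, F_OK) == 0) return -1;  /* separate check */
    ino_t theirs = plant(path);                         /* the race window */
    int fd = open(path, O_WRONLY | O_CREAT | (atomic ? O_EXCL : O_TRUNC), 0600);
    int refused = (fd < 0 && errno == EEXIST);
    if (fd >= 0) { fstat(fd, &st); close(fd); }
    unlink(path);
    if (fd < 0) return refused ? 0 : -1;
    return st.st_ino == theirs;   /* same inode: not the file we meant to create */
}

/* mkstemp picks the name and creates it in one step; returns the mode bits. */
int mkstemp_mode(char *tmpl) {
    struct stat st;
    int fd = mkstemp(tmpl);
    if (fd < 0 || fstat(fd, &st) != 0) return -1;
    close(fd); unlink(tmpl);
    return st.st_mode & 0777;
}

int main(void) {
    char dir[] = "/tmp/tmpname-demo-XXXXXX", path[64], tmpl[64];  /* constructed */
    if (!mkdtemp(dir)) return 1;
    snprintf(path, sizeof path, "%s/report.tmp", dir);
    snprintf(tmpl, sizeof tmpl, "%s/demo_XXXXXX", dir);
    printf("check-then-open holds planted file: %d\n", holds_planted_file(path, 0));
    printf("O_EXCL holds planted file:          %d\n", holds_planted_file(path, 1));
    printf("mkstemp mode: %o\n", mkstemp_mode(tmpl));
    return rmdir(dir);
}
```

The inode comparison is what makes the outcome visible: the check-then-open path succeeds without error while holding a file it did not create, whereas the `O_EXCL` path fails loudly.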