lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

> > I think this is connected to the security problems of the tmpnam function
> in
> > file lua-5.0-alpha/src/lib/liolib.c, line 440.
> (
> > support/howto/secprog/secprog3.html#tmpf). It would be a very good idea to
> > switch to mkstemp, or if this is non-standard, at least allow it as an
> > compile-time option.
> I think this is more connected to the danger of tmpname potentially
> returning a name that already exists from a second application calling
> tmpname at the same time.

The chances of either of these happening is very low, the main problem with 
tmpnam (and hence os.tmpname) is of another malicious user creating temporary 
files in between the name being generated and the file being opened.
> io.tmpfile was added as an alternative solution to this problem.

io.tmpfile uses tmpfile, which is stated to be also insecure in:
However unlike tmpnam there is nothing in the manpages to indicate this so 
perhaps it has been fixed. Probably a more definitive answer should be found, 
otherwise mkstemp should be be used where available.

If os.tmpfile must remain in the os library and uses tmpnam then the 
documentation should state that is is insecure and its use should be strongly 
discouraged. The current documentation does mention that there can be 
problems, but nothing about it being insecure.

Personally, given that the API is changing anyway, I think this might be a 
good time to remove this function, there are more than enough security bugs 
out there cased by the use of tmpnam already :-)

Steven Murdoch.