TUCoPS :: Linux :: Red Hat/Fedora :: rhscrpts.txt

Insecure scripts that come with RedHat 5.0

Date: Sat, 14 Mar 1998 17:57:33 +0100
From: Michal Zalewski <lcamtuf@BOSS.STASZIC.WAW.PL>
Subject: Vunerable shell scripts

I made a list of /usr/bin scripts which allows /tmp races. Following
ones creates /tmp/something.$$, then, with no
permission/ownership checking, /tmp/something.$$.x (x may vary
;), or even performs suitable checks, but gives enough time to alter /tmp
contents: glibcbug, bashbug, znew, mailstat, autoupdate, x11perfcomp,
gccmakedep, pnmindex, xcopy, autoheader, cvsbug, rcs2log, updatedb, igawk,
zdiff, zcmp, findaffix, munchlist, report-kaffe-bug, mailshar, MakeTeXPK,
makeindex, texhash, ircbug [...]

This list has been made on RedHat 5.0 Linux distribution. It includes
only /bin/sh scripts and it isn't complete, but maybe it will show the
range of /tmp races problem. Simple

trap "rm -f $TMPFILE;exit 1" 1 2 ...
do_something >$TMPFILE

is not sufficient and may be extremally harmful!!! You should at least use
mktemp to create temporary files, or|and prevent from creating anything
in /tmp directly.

Michal Zalewski [tel 9690] | finger 4 PGP [lcamtuf@boss.staszic.waw.pl]
Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deustch]
=--------------- [ echo "\$0&\$0">_;chmod +x _;./_ ] -----------------=

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH