
Re: [Sheflug] Stupid cron question




> I wouldn't swear to it.. but maybe to get around problems with the
> editor not writing atomically, and possibility of there being only part of
> a crontab there at the moment cron runs?
> 
> I'm probably wrong of course.. and it's just to stop the user
> needing permissions to /var/spool/cron/crontabs/.
> 

The temporary file allows crontab to do a basic syntax check of the file 
before installing it as cron. It also prevents the user corrupting their 
current cron. Yes, it has the added side effect of being able to lock the 
crontab directory root read/write only. crontab though needs setuid/setgid 
bits set so it /can/ write to the cron directory. Therefore crontab should 
also be a secure binary against buffer overruns.

> 
> I also recall reading an argument against using pid's in temporary
> filenames, although I can't remember it now, and possibly it was against
> using consecutive pid's.. but I seem to recall it being by one of the
> OpenBSD folks.. 
> 

Yes. You could get a race that allows someone else access to the file. In C to 
get a temporary file using a pid, you could do:
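	#include <stdio.h>	/* sprintf, fopen */
	#include <unistd.h>	/* getpid */
	char tmpname[64];
	pid_t pid;
	FILE *fp;

	pid = getpid();		/* predictable to other local users */
	sprintf (tmpname, "/tmp/myfile.%d", (int) pid);
	fp = fopen (tmpname, "w+");	/* opens whatever already sits at that name */
	.
	.
	.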

the race is that Mr Evil could get the pid of the program and create 
/tmp/myfile.<pid> with his rights, or symlink /tmp/myfile.pid to somewhere 
else where he could try more attacks against it. The C library routine 
mktemp(3) suffers the same race, but mkstemp(3) doesn't (see below).

> 
> And seeing as I'm babbling like a cretin anyway.
> 
> Why is it, that every piece of information about creating secure tmp
> files, says to use mkstemp(), but the mkstemp() manpage says not to use it,
> and to use tmpfile()? :)  (and seeing as mkstemp() uses the pid, I guess
> what I was thinking about, must be random pids).
> 

Reading the manpage, it's not a security issue with mkstemp, but a portability 
issue...from said page:

	"Don't use this function, use tmpfile(3) instead. It's
	better defined and more portable."


Chris...


---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk

  GNU the choice of a complete generation.
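
An added example, not part of the original post: it shows the two defences against the pid-name race discussed in the message above, exclusive creation with open(2) and mkstemp(3). The function names, the scratch directory and the pre-planted symlink are constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* O_CREAT|O_EXCL makes creation atomic: it fails with EEXIST if anything,
 * including a dangling symlink, already exists at the path. */
int open_exclusive(const char *path)
{
    return open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
}

/* mkstemp(3) picks an unpredictable name and creates it exclusively in one
 * call. The template must end in XXXXXX and is rewritten in place. */
int open_mkstemp(char *tmpl)
{
    return mkstemp(tmpl);
}

/* Constructed scenario inside a private scratch directory: a symlink already
 * sits at the predictable pid-based name. Returns 0 when both defences
 * behave as expected, otherwise the number of the step that failed. */
int demo(void)
{
    char dir[] = "/tmp/pidrace.XXXXXX", name[64], target[64], tmpl[64];
    struct stat st;
    int fd, rc = 0;

    if (mkdtemp(dir) == NULL) return 1;
    snprintf(target, sizeof target, "%s/elsewhere", dir);
    snprintf(name, sizeof name, "%s/myfile.%d", dir, (int)getpid());
    snprintf(tmpl, sizeof tmpl, "%s/myfile.XXXXXX", dir);
    if (symlink(target, name) != 0) rc = 2;          /* pre-planted link */

    fd = open_exclusive(name);                       /* must be refused */
    if (rc == 0 && (fd != -1 || errno != EEXIST)) rc = 3;
    if (fd != -1) close(fd);
    if (rc == 0 && lstat(target, &st) == 0) rc = 4;  /* link was followed */

    fd = open_mkstemp(tmpl);                         /* fresh private file */
    if (rc == 0 && (fd < 0 || fstat(fd, &st) != 0 || (st.st_mode & 077) != 0)) rc = 5;
    if (fd >= 0) close(fd);
    unlink(tmpl); unlink(name); unlink(target); rmdir(dir);
    return rc;
}

int main(void) { return demo(); }
```

By contrast, the fopen() call in the message above would follow the link and create the file at the link's target.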