
Re: [Sheflug] Stupid cron question



* Chris J/#6 (sixie [at] nccnet.co.uk) wrote:
> 
> > I wouldn't swear to it.. but maybe to get around problems with the
> > editor not writing atomically, and possibility of there being only part of
> > a crontab there at the moment cron runs?
> > 
> > I'm probably wrong of course.. and it'd just be to stop the user
> > needing permissions to /var/spool/cron/crontabs/.
> > 
> 
> The temporary file allows crontab to do a basic syntax check of the file 
> before installing it as cron. It also prevents the user corrupting their 
> current cron. Yes, it has the added side effect of being able to lock the 
> crontab directory root read/write only. crontab though needs setuid/setgid 
> bits set so it /can/ write to the cron directory. Therefore crontab should 
> also be a secure binary against buffer overruns.
>

Yup.

> > 
> > I also recall reading an argument against using pid's in temporary
> > filenames, although I can't remember it now, and possibly it was against
> > using consecutive pid's.. but I seem to recall it being by one of the
> > OpenBSD folks.. 
> > 
> 
> Yes. You could get a race that allows someone else access to the file. In C to 
> get a temporary file using a pid, you could do:
> 	pid = getpid();
> 	sprintf (tmpfile, "/tmp/myfile.%d", pid);
> 	fp = fopen (tmpfile, "w+");	/* predictable name; follows an existing symlink */
> 	.
> 	.
> 	.
> 
> the race is that Mr Evil could get the pid of the program and create 
> /tmp/myfile.<pid> with his rights, or symlink /tmp/myfile.pid to somewhere 
> else where he could try more attacks against it. The C library routine 
> mktemp(3) suffers the same race, but mkstemp(3) doesn't (see below).
> 
> > 
> > And seeing as I'm babbling like a cretin anyway.
> > 
> > Why is it, that every piece of information about creating secure tmp
> > files, says to use mkstemp(), but the mkstemp() manpage says not to use it,
> > and to use tmpfile()? :)  (and seeing as mkstemp() uses the pid, I guess
> > what I was thinking about, must be random pids).
> > 
> 
> Reading the manpage, it's not a security issue with mkstemp, but a portability 
> issue...from said page:
> 
> 	"Don't use this function, use tmpfile(3) instead. It's
> 	better defined and more portable."
> 
> 

Hmmm, I must have missed that... *kicks himself* :)

-- 
[ Richard Lowe - richlowe - richlowe [at] richlowe.demon.co.uk ]
[            http://www.snowman.net/~richlowe/            ]
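
Added example, not part of the original thread: the pid-named open discussed above next to an exclusive create and mkstemp(3). The private mkdtemp(3) directory, the "victim" target name and the function names are constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed scenario: inside a private mkdtemp(3) directory, plant a symlink
 * at the predictable name myfile.<pid>, then open that name either the naive
 * way (fopen) or with O_CREAT|O_EXCL. Returns 1 if the open went through the
 * symlink and created its target, 0 if it did not, -1 on setup failure. */
int open_over_planted_symlink(int exclusive)
{
    char dir[] = "/tmp/piddemo.XXXXXX", name[64], target[64];
    int followed = -1;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(name, sizeof name, "%s/myfile.%d", dir, (int)getpid());
    snprintf(target, sizeof target, "%s/victim", dir);
    if (symlink(target, name) == 0) {
        if (exclusive) {
            /* O_EXCL fails with EEXIST on any existing name, symlinks included */
            int fd = open(name, O_RDWR | O_CREAT | O_EXCL, 0600);
            if (fd >= 0) close(fd);
        } else {
            FILE *fp = fopen(name, "w+");   /* follows the planted symlink */
            if (fp) fclose(fp);
        }
        followed = (access(target, F_OK) == 0);
    }
    unlink(name); unlink(target); rmdir(dir);
    return followed;
}

/* mkstemp(3) chooses the name itself and creates the file exclusively.
 * Returns the new file's permission bits, or -1 on failure. */
int mkstemp_mode(void)
{
    char path[] = "/tmp/myfile.XXXXXX";
    struct stat st;
    int fd = mkstemp(path), mode = -1;
    if (fd < 0) return -1;
    if (fstat(fd, &st) == 0) mode = (int)(st.st_mode & 0777);
    close(fd);
    unlink(path);
    return mode;
}

int main(void)
{
    printf("fopen followed symlink:  %d\n", open_over_planted_symlink(0));
    printf("O_EXCL followed symlink: %d\n", open_over_planted_symlink(1));
    printf("mkstemp mode: %o\n", (unsigned)mkstemp_mode());
    return 0;
}
```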

---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk