Subject: Re: Per-user temp storage
To: Perry E. Metzger <>
From: David Brownlee <>
List: tech-security
Date: 02/24/1997 20:25:09
On Mon, 24 Feb 1997, Perry E. Metzger wrote:

> > 	It would help if at least source in the tree used mkstemp() rather
> > 	than mktemp(), tmpnam(), tempnam(). 
> > 
> > 	Maybe add a warning for the above functions in a similar fashion
> > 	to 'gets()' - I believe OpenBSD did something like that a while
> > 	back.
> This is certainly useful, but it doesn't solve the "play with symlinks
> and deep directories during nightly find" problem.
	Very much agreed - its a solution to some of the problems, and
	it encourages good practice. Code should not be using mktemp() &
	friends because even if NetBSD does 'wierd' things with /tmp, if
	someone	compiles up that code on another system they're wide open.

	The earlier suggested changes to /tmp semantics also provide no
	protection against the symlink attack on a nightly find, but
	presumably that could be countered by changing find to maintain
	a 'stack' of the inode numbers of each directory it chdir()s
	into & stat()ing on the way back down, plus the usual combination
	of lstat() & fstat() on the way up. There is a performance
	penalty, but to paraphrase an old saying
		"fast, secure, cheap - choose two"

		David/abs	david@{,,}

     Microsoft: Asks you where you want to go. NetBSD gets you there.
System Manager: Southern Studios Ltd, PO Box 59, London N22 1AR.
  System Admin: MHM Internet, 14 Barley Mow Passage, Chiswick, London W4 4PH.
         SysOP: Monochrome, Largest UK Internet BBS - 'telnet'.