* [Bug runtime/9849] New: dtrace: Unsafe temporary file handling
@ 2009-02-15 21:26 eugen at debian dot org
2009-02-16 13:54 ` [Bug runtime/9849] " mjw at redhat dot com
0 siblings, 1 reply; 2+ messages in thread
From: eugen at debian dot org @ 2009-02-15 21:26 UTC (permalink / raw)
To: systemtap
dtrace -G creates temporary file with name of probe file
but with extension .c (if probe file had extension .d).
Also dtrace makes no checks if that file already exist.
This makes symlink attack possible:
% touch test.d
% rm -f /tmp/somefile /tmp/test.c
% ln -s /tmp/somefile /tmp/test.c
% ./dtrace -G -s test.d
% cat /tmp/somefile
static __dtrace () {}
Symlink can be created by any user.
dtrace should use python equivalent of mkstemp(3) to avoid this bug.
--
Summary: dtrace: Unsafe temporary file handling
Product: systemtap
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: runtime
AssignedTo: systemtap at sources dot redhat dot com
ReportedBy: eugen at debian dot org
http://sourceware.org/bugzilla/show_bug.cgi?id=9849
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
^ permalink raw reply [flat|nested] 2+ messages in thread
* [Bug runtime/9849] dtrace: Unsafe temporary file handling
2009-02-15 21:26 [Bug runtime/9849] New: dtrace: Unsafe temporary file handling eugen at debian dot org
@ 2009-02-16 13:54 ` mjw at redhat dot com
0 siblings, 0 replies; 2+ messages in thread
From: mjw at redhat dot com @ 2009-02-16 13:54 UTC (permalink / raw)
To: systemtap
------- Additional Comments From mjw at redhat dot com 2009-02-16 12:16 -------
Thanks for noticing. Fixed in:
commit e3c5bcd9d838731926fa72d652c29c7ba0eb332a
Author: Mark Wielaard <mjw@redhat.com>
Date: Mon Feb 16 13:14:47 2009 +0100
PR 9849, use mkstemp.
--
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
http://sourceware.org/bugzilla/show_bug.cgi?id=9849
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2009-02-16 12:16 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-02-15 21:26 [Bug runtime/9849] New: dtrace: Unsafe temporary file handling eugen at debian dot org
2009-02-16 13:54 ` [Bug runtime/9849] " mjw at redhat dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).