This is the mail archive of the binutils@sources.redhat.com mailing list for the binutils project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

Re: Security patch for binutils-2.11.92.0.10 (2nd try)...


> Nick Clifton <nickc@cambridge.redhat.com> writes:
> 
> |> Hi Steven,
> |> |> > This is my second attempt at a small security patch to replace 
> |> > all 'mktemp' calls (2 of them) with calls to 'mkstemp'. My
> |> > first patch was wrong because I neglected to close the open
> |> > file descriptor that gets returned by 'mkstemp'. This is now
> |> > fixed and should function properly. Thanks.
> |> |> Except that this does not really improve the security of the tools
> |> that use the make_tempname() function.  The reason mkstemp() is better
> |> than mktemp() is that returns a file descriptor that has been opened
> |> with O_EXCL.  By closing the descriptor, and then reopening the file
> |> later on, you loose the security inherent in creating the temporary
> |> name and opening the file at the same time.
> 
> But mkstemp has already created the file (securely), thus we know that we
> won't be following malicious symlinks later (only the owner and the
> superuser can manipulate that file).

Not necessarily, it assumes the ``T'' bit is set on the relevant 
directory.  BINUTILS shouldn't let go of the file.

Andrew



Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]