On Wed, Jan 12, 2000 at 03:05:03PM +0100, Marcus Sundberg wrote:
> "Sean Hunter" <sean@uncarved.co.uk> writes:
>
> > On Tue, Jan 11, 2000 at 08:20:54PM +0100, Marcus Sundberg wrote:
> > > Stephen Frost <sfrost@ns.snowman.net> writes:
> > >
> > > > People use the PID to create temp files and whatnot,
> > > > from what I've seen.
> > >
> > > And they do that in order to get a unique number, not a random number.
> >
> > This is also a really bad idea, because with easily guessable pids you
> > are opening yourself to /tmp races.
>
> There can be only one process with a given pid at a time, so there can't
> be anything I'd call a race.
You run your program, but I have created a simlink in /tmp with the
same name (because the name is guessable). That is a race because it
relies on contention between two processes (my "ln -s" and your broken
program) over a shared resource (the easily-guessable name in the
shared namespace of the filesystem). This is the definition of a
race. You may not call it that, but everyone else would.
> Ofcourse there are security implications of handling files in /tmp, but
> that is independent of how the filenames are generated and a completely
> different story. A program that relies on non-guessable filenames in
> /tmp to be secure is severly broken.
Agreed.
Sean
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Jan 15 2000 - 21:00:20 EST