[tcpcrypt-dev] [PATCH] avoid symlink attacks in launch_tcpcryptd.sh

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Jul 23 07:01:46 PDT 2014


/tmp is world-writable -- if a non-privileged user creates a symlink
in /tmp/tcpcrypt.pid pointing to some file, then the superuser
executing launch_tcpcryptd.sh will truncate that file.

Modern systems will use /run for this sort of thing, rather than /tmp,
since /run is not world-writable.

However, I don't see $PIDFILE ever being actually used in this script,
so the simplest fix might be to just drop the use of $PIDFILE
entirely.
---
 user/launch_tcpcryptd.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/user/launch_tcpcryptd.sh b/user/launch_tcpcryptd.sh
index 9be678c..d2ae8a2 100755
--- a/user/launch_tcpcryptd.sh
+++ b/user/launch_tcpcryptd.sh
@@ -6,7 +6,7 @@ PORT2=${2:-7777}
 
 TCPCRYPTD=`dirname $0`/src/tcpcryptd
 DIVERT_PORT=666
-PIDFILE=/tmp/tcpcrypt.pid
+PIDFILE=/run/tcpcrypt.pid
 
 start_tcpcryptd() {
     LD_LIBRARY_PATH=lib/ $TCPCRYPTD $OPTS -p $DIVERT_PORT &
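
Review bot: The `+PIDFILE=/run/tcpcrypt.pid` line keeps a variable that the commit message itself says is never used in this script; if that holds, deleting the assignment removes the predictable-path problem outright and avoids assuming that /run exists and is writable by whoever runs the script. If a pidfile is wanted, the visible line in `start_tcpcryptd()` backgrounds the daemon with `&` but does not record `$!`, so the write belongs there, and it should refuse an existing path or symlink instead of truncating it.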
-- 
2.0.1
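
The symlink problem described in the patch message, as an added example that is not part of the original post or of tcpcrypt: a plain redirect to a pidfile beside a variant that refuses planted symlinks. The function names and the constructed temporary paths are assumptions; how launch_tcpcryptd.sh itself writes $PIDFILE is not shown on this page.

```shell
#!/bin/sh
# Added example (not tcpcrypt code): writing a pidfile without following a
# symlink planted at the pidfile path. All names here are illustrative.

# Unsafe pattern: a plain redirect truncates whatever the path resolves to,
# so a symlink at "$1" sends the write to the link's target.
write_pidfile_unsafe() {
    echo "$2" > "$1"
}

# Hardened pattern: refuse any existing path and create the file with
# noclobber, so a path that appears between check and write is not followed.
write_pidfile_safe() {
    pidfile=$1
    pid=$2
    # -e misses dangling symlinks, so test -L as well.
    if [ -e "$pidfile" ] || [ -L "$pidfile" ]; then
        echo "refusing to write $pidfile: path already exists" >&2
        return 1
    fi
    # set -C (noclobber) makes the redirect fail on an existing file; bash and
    # dash create a missing one with O_EXCL, which rejects symlinks.
    # The subshell keeps noclobber from leaking into the caller.
    ( set -C; echo "$pid" > "$pidfile" ) 2>/dev/null || {
        echo "refusing to write $pidfile: created concurrently" >&2
        return 1
    }
}

# Constructed demonstration in a private temporary directory.
demo() {
    dir=$(mktemp -d) || return 1
    echo "important data" > "$dir/victim"
    ln -s "$dir/victim" "$dir/tcpcrypt.pid"   # stands in for the planted link
    write_pidfile_safe "$dir/tcpcrypt.pid" "$$" || echo "safe writer refused"
    echo "victim after safe attempt:   $(cat "$dir/victim")"
    write_pidfile_unsafe "$dir/tcpcrypt.pid" "$$"
    echo "victim after unsafe attempt: $(cat "$dir/victim")"
    rm -rf "$dir"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run the script with the argument `demo` to see both writers against the same constructed symlink.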


