[tcpcrypt-dev] [PATCH] avoid symlink attacks in

Daniel Kahn Gillmor dkg at
Wed Jul 23 07:09:28 PDT 2014

/tmp is world-writable -- if a non-privileged user creates a symlink
in /tmp/ pointing to some file, then the superuser
executing will truncate that file.

Modern systems will use /run for this sort of thing, rather than /tmp,
since /run is not world-writable.

However, I don't see $PIDFILE ever being actually used in this script,
so the simplest fix might be to just drop the use of $PIDFILE
 user/ | 2 +-
 user/test/ | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/user/ b/user/
index 9be678c..d2ae8a2 100755
--- a/user/
+++ b/user/
@@ -6,7 +6,7 @@ PORT2=${2:-7777}
 TCPCRYPTD=`dirname $0`/src/tcpcryptd
 start_tcpcryptd() {
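
Review bot: the context line TCPCRYPTD=`dirname $0`/src/tcpcryptd leaves $0 and the command substitution unquoted, so the script picks the wrong binary path when it is run from a directory whose name contains spaces. Since the message says the superuser may run this script, quote it while this block is being touched, e.g. TCPCRYPTD="$(dirname "$0")/src/tcpcryptd".
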
diff --git a/user/test/ b/user/test/
index 4855e95..4ab9ca8 100644
--- a/user/test/
+++ b/user/test/
@@ -1,5 +1,5 @@
 `dirname $0`/../ &
 sleep 2
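
Review bot: `sleep 2` after backgrounding the launcher is the only synchronization visible before the script later reads $PIDFILE, so if the pidfile has not been written by then the `cat $PIDFILE 2>/dev/null` further down fails silently and `kill` runs with no argument. Suggest a bounded wait for the pidfile (or for the daemon itself) instead of a fixed sleep, and quoting "$(dirname "$0")" on the launcher line.
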
@@ -8,4 +8,4 @@ RET=$?
 kill `cat $PIDFILE 2>/dev/null` > /dev/null 2>&1
 rm -f $PIDFILE
 echo "$RES"
-exit $RET
\ No newline at end of file
+exit $RET
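
Review bot: the context lines `kill `cat $PIDFILE 2>/dev/null`` and `rm -f $PIDFILE` show that the test script does consume $PIDFILE, so if the launcher drops it as the message suggests, this cleanup has to change in the same patch. Wherever the path ends up, the PID is passed to `kill` unchecked and $PIDFILE is unquoted: check that the file is a regular file containing only digits before using it, and quote the variable. The newline-at-end-of-file change on `exit $RET` is fine but unrelated to the symlink fix and would read better as its own commit.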

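The truncation described in the message, next to a hardened pidfile write and read, as an added example that is not part of the original post or the tcpcrypt tree. The function names, the `test.pid` and `victim` file names and the scratch directory are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example, not from the tcpcrypt tree; function names are hypothetical.

# The pattern the message warns about: a plain ">" follows a symlink planted
# at the pidfile path and truncates whatever it points to.
write_pidfile_unsafe() {
    printf '%s\n' "$2" > "$1"
}

# Hardened form: create the pidfile only if nothing exists at the path.
write_pidfile_safe() {
    # Reject any existing entry, including a dangling symlink.
    if [ -e "$1" ] || [ -L "$1" ]; then
        return 1
    fi
    # With noclobber (set -C), ">" will not overwrite an existing regular file,
    # and bash and dash create a missing one with O_EXCL, so a symlink to a
    # regular file or to nothing, raced in after the check above, is refused.
    # The subshell keeps the option change local.
    ( set -C; printf '%s\n' "$2" > "$1" ) 2>/dev/null
}

# Return the PID only from a regular, non-symlink file that holds digits.
read_pidfile_safe() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    IFS= read -r _pid < "$1" || return 1
    case $_pid in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$_pid"
}

# Constructed demo in a private scratch directory standing in for /tmp.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'important data\n' > "$dir/victim"
    ln -s "$dir/victim" "$dir/test.pid"   # constructed: symlink planted first
    write_pidfile_safe "$dir/test.pid" "$$" || echo "safe write refused"
    echo "victim after safe write:   $(cat "$dir/victim")"
    write_pidfile_unsafe "$dir/test.pid" "$$"
    echo "victim after unsafe write: $(cat "$dir/victim")"
    rm -rf "$dir"
}

demo
```

Placing the pidfile in a directory that is not world-writable, such as /run as the message notes, removes the planted-symlink case altogether; the checks above are for scripts that cannot rely on that.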