[tcpcrypt-dev] [PATCH] avoid symlink attacks in launch_tcpcryptd.sh
jmg at funkthat.com
Wed Jul 23 09:54:11 PDT 2014
Andrea Bittau wrote this message on Wed, Jul 23, 2014 at 08:50 -0700:
> yeah it only seems to be used by the test script so it might not be
> the end of the world.
> i'm concerned with /run/ because i'm not sure how multiplatform it is.
> E.g., mac doesn't seem to have it.
/var/run is there for BSD's, both FreeBSD and MacOSX are confirmed to
> On Wed, Jul 23, 2014 at 7:09 AM, Daniel Kahn Gillmor
> <dkg at fifthhorseman.net> wrote:
> > /tmp is world-writable -- if a non-privileged user creates a symlink
> > in /tmp/tcpcrypt.pid pointing to some file, then the superuser
> > executing launch_tcpcryptd.sh will truncate that file.
> > Modern systems will use /run for this sort of thing, rather than /tmp,
> > since /run is not world-writable.
> > However, i don't see $PIDFILE ever being actually used in this script,
> > so the simplest fix might be to just drop the use of $PIDFILE
> > entirely.
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
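The truncation described in the quoted report, next to a pidfile write that refuses a planted symlink, as an added example that is not part of the original message or of the tcpcrypt project's code. The function names and the scratch directory standing in for /tmp are assumptions.

```shell
#!/bin/sh
# Added illustration; function names and paths are hypothetical.

# Unsafe: a plain redirect follows a symlink and truncates its target.
write_pidfile_unsafe() {
    echo "$2" > "$1"
}

# Safer: with noclobber (set -C) the shell refuses to overwrite an existing
# regular file and creates new files exclusively, so a planted symlink makes
# the write fail instead of truncating the file it points to.
write_pidfile_safe() {
    ( set -C; echo "$2" > "$1" ) 2>/dev/null
}

# Constructed scenario inside a private scratch directory.
demo() {
    dir=$(mktemp -d) || return 2
    printf 'important data\n' > "$dir/victim"
    ln -s "$dir/victim" "$dir/tcpcrypt.pid"    # planted symlink

    # Hardened write first: it must fail and leave the victim intact.
    if write_pidfile_safe "$dir/tcpcrypt.pid" 1234; then
        safe_result=written
    else
        safe_result=refused
    fi
    after_safe=$(cat "$dir/victim")

    # Plain redirect: the victim's contents are replaced by the PID.
    write_pidfile_unsafe "$dir/tcpcrypt.pid" 1234
    after_unsafe=$(cat "$dir/victim")

    rm -rf "$dir"
    echo "$safe_result|$after_safe|$after_unsafe"
}

demo
```

noclobber only guards regular-file targets, so a directory that unprivileged users cannot write to, as discussed in the thread, is still the stronger fix because the link cannot be planted in the first place.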