[tcpcrypt-dev] [PATCH] avoid symlink attacks in launch_tcpcryptd.sh

John-Mark Gurney jmg at funkthat.com
Wed Jul 23 09:54:11 PDT 2014


Andrea Bittau wrote this message on Wed, Jul 23, 2014 at 08:50 -0700:
> yeah it only seems to be used by the test script so it might not be
> the end of the world.
> 
> i'm concerned with /run/ because i'm not sure how multiplatform it is.
> E.g., mac doesn't seem to have it.

/var/run is there for BSDs; both FreeBSD and MacOSX are confirmed to
have it.

> On Wed, Jul 23, 2014 at 7:09 AM, Daniel Kahn Gillmor
> <dkg at fifthhorseman.net> wrote:
> > /tmp is world-writable -- if a non-privileged user creates a symlink
> > in /tmp/tcpcrypt.pid pointing to some file, then the superuser
> > executing launch_tcpcryptd.sh will truncate that file.
> >
> > Modern systems will use /run for this sort of thing, rather than /tmp,
> > since /run is not world-writable.
> >
> > However, i don't see $PIDFILE ever being actually used in this script,
> > so the simplest fix might be to just drop the use of $PIDFILE
> > entirely.

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."


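The truncation described in the quoted report, next to one way a script can refuse to write through a planted symlink, as an added example that is not part of the thread or of the tcpcrypt code. The function names and the sandbox layout are hypothetical, and everything runs inside a private `mktemp -d` directory rather than /tmp.

```shell
#!/bin/sh
# Added example; all names here are hypothetical, not from launch_tcpcryptd.sh.

# Pattern the thread warns about: '>' follows a symlink and truncates its target.
write_pidfile_unsafe() {   # $1 = pidfile path, $2 = pid
    echo "$2" > "$1"
}

# Hardened: noclobber (set -C) refuses to write through an existing path.
# A symlink to a regular file is rejected outright, and a dangling symlink
# fails the exclusive create, so the link target is never created.
write_pidfile_safe() {     # $1 = pidfile path, $2 = pid
    ( set -C; echo "$2" > "$1" ) 2>/dev/null
}

# Constructed sandbox: "victim" stands in for a file the superuser cares
# about, "tcpcrypt.pid" is a symlink planted by another local user.
make_sandbox() {
    d=$(mktemp -d) || return 1
    echo "important data" > "$d/victim"
    ln -s "$d/victim" "$d/tcpcrypt.pid"
    echo "$d"
}

# Run writer $1 against a fresh sandbox and print the victim's content afterwards.
victim_after() {
    d=$(make_sandbox) || return 1
    "$1" "$d/tcpcrypt.pid" 12345 || true
    cat "$d/victim"
    rm -rf "$d"
}

echo "unsafe writer, victim now contains: $(victim_after write_pidfile_unsafe)"
echo "safe writer,   victim now contains: $(victim_after write_pidfile_safe)"
```

With noclobber a stale pidfile left by an earlier run also blocks the write, so a script using it has to remove its own pidfile on exit. Keeping the file in a directory that is not world-writable, as suggested in the thread, removes the planted-symlink case altogether.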