[tcpcrypt-dev] [PATCH] avoid symlink attacks in launch_tcpcryptd.sh

Andrea Bittau bittau at cs.stanford.edu
Wed Jul 23 10:06:22 PDT 2014


daniel can you rework the patch to use /var/run instead of /run please?

On Wed, Jul 23, 2014 at 9:54 AM, John-Mark Gurney <jmg at funkthat.com> wrote:
> Andrea Bittau wrote this message on Wed, Jul 23, 2014 at 08:50 -0700:
>> yeah it only seems to be used by the test script so it might not be
>> the end of the world.
>>
>> i'm concerned with /run/ because i'm not sure how multiplatform it is.
>> E.g., mac doesn't seem to have it.
>
> /var/run is there for BSD's, both FreeBSD and MacOSX are confirmed to
> have it..
>
>> On Wed, Jul 23, 2014 at 7:09 AM, Daniel Kahn Gillmor
>> <dkg at fifthhorseman.net> wrote:
>> > /tmp is world-writable -- if a non-privileged user creates a symlink
>> > in /tmp/tcpcrypt.pid pointing to some file, then the superuser
>> > executing launch_tcpcryptd.sh will truncate that file.
>> >
>> > Modern systems will use /run for this sort of thing, rather than /tmp,
>> > since /run is not world-writable.
>> >
>> > However, i don't see $PIDFILE ever being actually used in this script,
>> > so the simplest fix might be to just drop the use of $PIDFILE
>> > entirely.
>
> --
>   John-Mark Gurney                              Voice: +1 415 225 5579
>
>      "All that I will do, has been done, All that I have, has not."
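
The truncation described in the thread, reproduced in a throwaway sandbox next to a write that refuses a pre-planted symlink. This is an added example, not code from launch_tcpcryptd.sh or the patch under discussion; the function names, the sandbox layout, and the use of the shell's noclobber option are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sandbox: "$SANDBOX/tmp" stands in for world-writable /tmp and
# important.conf for a file that only the superuser should be able to modify.
setup_sandbox() {
    SANDBOX=$(mktemp -d) || return 1
    mkdir "$SANDBOX/tmp" || return 1
    chmod 1777 "$SANDBOX/tmp" || return 1
    VICTIM="$SANDBOX/important.conf"
    printf 'important data\n' > "$VICTIM"
    PIDFILE="$SANDBOX/tmp/tcpcrypt.pid"
    # The pidfile name already exists as a symlink made by someone else.
    ln -s "$VICTIM" "$PIDFILE"
}

# True when anyone can create names in the directory (like /tmp, unlike /var/run).
dir_is_world_writable() {
    [ -n "$(find "$1" -prune -perm -0002)" ]
}

# The risky pattern: a plain redirect follows the symlink and truncates its target.
write_pidfile_unsafe() {
    echo "$$" > "$1"
}

# Hardened write: with noclobber (set -C) the shell refuses to overwrite an
# existing file and creates new ones exclusively, so a symlink planted at the
# pidfile name makes the write fail instead of redirecting it.
write_pidfile_safe() {
    ( set -C; echo "$$" > "$1" ) 2>/dev/null
}

demo() {
    setup_sandbox || return 1
    dir_is_world_writable "$SANDBOX/tmp" && echo "pidfile directory is world-writable"
    if write_pidfile_safe "$PIDFILE"; then
        echo "safe write: wrote"
    else
        echo "safe write: refused"
    fi
    echo "victim after safe write:   $(cat "$VICTIM")"
    write_pidfile_unsafe "$PIDFILE"
    echo "victim after unsafe write: $(cat "$VICTIM")"
    rm -rf "$SANDBOX"
}
demo
```

Moving the pidfile to a directory that is not world-writable, as proposed in the thread, removes the precondition; the noclobber write only limits the damage when the path cannot be moved.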

