[tcpcrypt-dev] [PATCH] avoid symlink attacks in launch_tcpcryptd.sh
bittau at cs.stanford.edu
Wed Jul 23 10:06:22 PDT 2014
daniel can you rework the patch to use /var/run instead of /run please?
On Wed, Jul 23, 2014 at 9:54 AM, John-Mark Gurney <jmg at funkthat.com> wrote:
> Andrea Bittau wrote this message on Wed, Jul 23, 2014 at 08:50 -0700:
>> yeah it only seems to be used by the test script so it might not be
>> the end of the world.
>> i'm concerned with /run/ because i'm not sure how multiplatform it is.
>> E.g., mac doesn't seem to have it.
> /var/run is there for BSDs, both FreeBSD and MacOSX are confirmed to
> have it.
>> On Wed, Jul 23, 2014 at 7:09 AM, Daniel Kahn Gillmor
>> <dkg at fifthhorseman.net> wrote:
>> > /tmp is world-writable -- if a non-privileged user creates a symlink
>> > in /tmp/tcpcrypt.pid pointing to some file, then the superuser
>> > executing launch_tcpcryptd.sh will truncate that file.
>> > Modern systems will use /run for this sort of thing, rather than /tmp,
>> > since /run is not world-writable.
>> > However, i don't see $PIDFILE ever being actually used in this script,
>> > so the simplest fix might be to just drop the use of $PIDFILE
>> > entirely.
> John-Mark Gurney Voice: +1 415 225 5579
> "All that I will do, has been done, All that I have, has not."
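
The defence discussed in this thread, as an added example (not code from the original messages or from launch_tcpcryptd.sh; the function names `dir_is_world_writable` and `write_pidfile` are hypothetical): keep the pidfile out of world-writable directories, refuse a symlink at the pidfile path, and create the file with noclobber so an existing path is never truncated.

```shell
#!/bin/sh
# Added example: helper names are hypothetical and are not part of
# launch_tcpcryptd.sh.

# True when "other" has write permission on the directory (as on /tmp).
dir_is_world_writable() {
    case "$(ls -ld -- "$1")" in
        ????????w*) return 0 ;;   # 9th mode character is other-write
    esac
    return 1
}

# write_pidfile PATH PID: create PATH without ever writing through a symlink.
write_pidfile() {
    pidfile=$1 pid=$2
    piddir=$(dirname -- "$pidfile")

    # 1. Refuse directories where unprivileged users can plant entries.
    if dir_is_world_writable "$piddir"; then
        echo "refusing $pidfile: $piddir is world-writable" >&2
        return 1
    fi
    # 2. A symlink where the pidfile belongs is treated as tampering.
    if [ -L "$pidfile" ]; then
        echo "refusing $pidfile: path is a symlink" >&2
        return 1
    fi
    # 3. Drop a stale regular pidfile, then create with noclobber (set -C):
    #    the redirection fails if the path exists instead of truncating it.
    rm -f -- "$pidfile" || return 1
    ( set -C; printf '%s\n' "$pid" > "$pidfile" ) 2>/dev/null
}
```

A caller would pass a path under /var/run (or /run where it exists) and treat a non-zero return as fatal before starting the daemon.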