[index] [text page] [<<start] [<prev] [next>] [last>>]
Page 22: Predictable filename races

Page 22

  
  Predictable filename races
  Take this 'better' (but still vulnerable) code:
    if ( not -e $file ) {
        open FILEHANDLE, ">$file";
    }
  If symlink pointing to real file is created between test and open, existing file can be overwritten.
  Could wipe out important files, or possibly insert useful contents.  (e.g. /etc/hosts.allow)
  File could be readable by attacker, providing an idea of what the process does.  (e.g. a log file)
  If fchown/fchmod is used, could provide innappropriate access to files.

Copyright 2003, Bri Hatch of Onsight, Inc.

Presented at SPUG, 2003.

Presentation created using vim and MagicPoint.