Predictable filename races Take this 'better' (but still vulnerable) code: if ( not -e $file ) { open FILEHANDLE, ">$file"; } If symlink pointing to real file is created between test and open, existing file can be overwritten. Could wipe out important files, or possibly insert useful contents. (e.g. /etc/hosts.allow) File could be readable by attacker, providing an idea of what the process does. (e.g. a log file) If fchown/fchmod is used, could provide innappropriate access to files.
Copyright 2003, Bri Hatch of Onsight, Inc.
Presented at SPUG, 2003.
Presentation created using vim and MagicPoint.