This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug runtime/9849] New: dtrace: Unsafe temporary file handling


dtrace -G creates temporary file with name of probe file
but with extension .c (if probe file had extension .d).
Also dtrace makes no checks if that file already exist.
This makes symlink attack possible:

% touch test.d
% rm -f /tmp/somefile /tmp/test.c
% ln -s /tmp/somefile /tmp/test.c
% ./dtrace -G -s test.d
% cat /tmp/somefile
static __dtrace () {}

Symlink can be created by any user.

dtrace should use python equivalent of mkstemp(3) to avoid this bug.

-- 
           Summary: dtrace: Unsafe temporary file handling
           Product: systemtap
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: runtime
        AssignedTo: systemtap at sources dot redhat dot com
        ReportedBy: eugen at debian dot org


http://sourceware.org/bugzilla/show_bug.cgi?id=9849

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]