This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.
[Bug runtime/9849] New: dtrace: Unsafe temporary file handling
- From: "eugen at debian dot org" <sourceware-bugzilla at sourceware dot org>
- To: systemtap at sources dot redhat dot com
- Date: 15 Feb 2009 21:24:38 -0000
- Subject: [Bug runtime/9849] New: dtrace: Unsafe temporary file handling
- Reply-to: sourceware-bugzilla at sourceware dot org
dtrace -G creates a temporary file with the name of the probe file
but with the extension .c (if the probe file had the extension .d).
Also, dtrace does not check whether that file already exists.
This makes a symlink attack possible:
% touch test.d
% rm -f /tmp/somefile /tmp/test.c
% ln -s /tmp/somefile /tmp/test.c
% ./dtrace -G -s test.d
% cat /tmp/somefile
static __dtrace () {}
The symlink can be created by any user.
dtrace should use the Python equivalent of mkstemp(3) to avoid this bug.
--
Summary: dtrace: Unsafe temporary file handling
Product: systemtap
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: runtime
AssignedTo: systemtap at sources dot redhat dot com
ReportedBy: eugen at debian dot org
http://sourceware.org/bugzilla/show_bug.cgi?id=9849
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
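
An added example (not part of the original report and not systemtap's own code) that contrasts the predictable-name write described in the report with a write through Python's tempfile.mkstemp. The helper names and the scratch-directory scenario are assumptions constructed for illustration; everything runs inside a private temporary directory.

```python
import os
import tempfile

STUB = "static __dtrace () {}\n"  # file content shown in the report

def predictable_c_path(probe_file, directory):
    """Derive <name>.c from <name>.d, the naming the report describes."""
    root = os.path.splitext(os.path.basename(probe_file))[0]
    return os.path.join(directory, root + ".c")

def write_unsafe(probe_file, directory):
    """Reported pattern: open the predictable name; open() follows symlinks."""
    path = predictable_c_path(probe_file, directory)
    with open(path, "w") as f:
        f.write(STUB)
    return path

def write_safe(probe_file, directory):
    """mkstemp picks a random name and opens it with O_CREAT|O_EXCL, mode 0600."""
    root = os.path.splitext(os.path.basename(probe_file))[0]
    fd, path = tempfile.mkstemp(prefix=root + ".", suffix=".c", dir=directory)
    with os.fdopen(fd, "w") as f:
        f.write(STUB)
    return path

def demo():
    """Constructed scenario: a link already sits at the predictable name."""
    with tempfile.TemporaryDirectory() as d:
        victim, link = os.path.join(d, "somefile"), os.path.join(d, "test.c")
        results = {}
        for name, writer in (("unsafe", write_unsafe), ("safe", write_safe)):
            with open(victim, "w") as f:
                f.write("original\n")
            if os.path.lexists(link):
                os.remove(link)
            os.symlink(victim, link)
            out = writer("test.d", d)
            with open(victim) as f:
                results[name] = f.read()  # what the link target holds afterwards
            if out != link:
                os.remove(out)
        return results

if __name__ == "__main__":
    print(demo())
```

The caller of write_safe owns the returned path and must delete the file when the generated source is no longer needed.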