This is the mail archive of the binutils@sources.redhat.com mailing list for the binutils project.



Re: Security patch for binutils-2.11.92.0.10 (2nd try)...


Hi Andreas,

> |> Except that this does not really improve the security of the tools
> |> that use the make_tempname() function.  The reason mkstemp() is better
> |> than mktemp() is that it returns a file descriptor that has been opened
> |> with O_EXCL.  By closing the descriptor, and then reopening the file
> |> later on, you lose the security inherent in creating the temporary
> |> name and opening the file at the same time.
> 
> But mkstemp has already created the file (securely), thus we know that we
> won't be following malicious symlinks later (only the owner and the
> superuser can manipulate that file).

Even for symlinks in the directory path to the file ?

OK - I will accept that mkstemp() is more secure than mktemp(), so
using it would be a "Good Thing (tm)".  I am just hoping that Steven
might be prompted to change make_tempname() to return a file
descriptor instead.  (Or more probably, create a new function called,
say, open_tempname() which returns a file descriptor, since I suspect
that there will be some places where the old behaviour of
make_tempname cannot be easily replaced.)

So - Steven, do you want to do this ?  If not, I will accept your
patch as-is, but with one proviso - please could you submit a
ChangeLog entry as well.

Cheers
        Nick

PS.  Oh - Steven - do you have a copyright assignment on file with the
FSF ?  If not, then I could accept the mkstemp() patch, since it is
small and can be considered 'obvious', but a bigger patch, adding a
new function, would require an assignment.
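
The descriptor-returning approach discussed in this message, sketched as an added example; it is not part of the original mail and is not binutils code. open_tempname() takes its name from the message, while its signature, the "stXXXXXX" template and the reopen_verified() helper are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical open_tempname(): build "<dir of filename>/stXXXXXX" and return
   the descriptor mkstemp() opened with O_CREAT|O_EXCL.  The caller keeps
   using that descriptor; *path_out is only for a later rename()/unlink()
   and must be free()d. */
int open_tempname(const char *filename, char **path_out)
{
    static const char suffix[] = "stXXXXXX";   /* assumed template */
    const char *slash = strrchr(filename, '/');
    size_t dirlen = slash ? (size_t)(slash - filename) + 1 : 0;
    char *tmpl = malloc(dirlen + sizeof suffix);
    int fd;

    if (tmpl == NULL)
        return -1;
    memcpy(tmpl, filename, dirlen);
    memcpy(tmpl + dirlen, suffix, sizeof suffix);  /* copies the NUL too */
    fd = mkstemp(tmpl);
    if (fd < 0) {
        free(tmpl);
        return -1;
    }
    *path_out = tmpl;
    return fd;
}

/* Hypothetical helper for a caller that must reopen by name while orig_fd is
   still open: refuse a final symlink, then compare device and inode of the
   two descriptors.  A swapped file or a redirected directory component gives
   a different inode.  Returns the new descriptor, or -1. */
int reopen_verified(int orig_fd, const char *path)
{
    struct stat a, b;
    int fd = open(path, O_RDWR | O_NOFOLLOW);

    if (fd < 0)
        return -1;
    if (fstat(orig_fd, &a) != 0 || fstat(fd, &b) != 0
        || a.st_dev != b.st_dev || a.st_ino != b.st_ino) {
        close(fd);
        return -1;
    }
    return fd;
}
```

The inode comparison only works while the original descriptor is held open; once it has been closed, as in the close-and-reopen pattern the quoted text describes, there is nothing left to compare against.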

