OpenSSH tmp cleanup

Markus Friedl Markus.Friedl at informatik.uni-erlangen.de
Fri Jun 8 18:40:28 EST 2001


On Thu, Jun 07, 2001 at 08:07:32PM -0400, Nalin Dahyabhai wrote:
> On Thu, Jun 07, 2001 at 10:52:33PM +0200, Markus Friedl wrote:
> > did someone check this?
> 
> The patch appears to prevent the deletion of wrong files, but it still
> looks to me that if a local user can hit the window between the
> mkdtemp() and open() calls, he can cause the cookie file to be created
> in any directory the superuser can write to.

how can he do this?

we switch to the uid of the user before mkdtemp() and back after
the call to open().
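
The ordering described in this reply (become the user, call mkdtemp(), call open(), then switch back), as an added example that is not part of the original message and is not OpenSSH's code. The helper name `create_cookie_as`, its signature, the `cookies` file name and the `/tmp/ssh-XXXXXXXX` template are assumptions, and only the effective uid is switched, as in the message.

```c
#define _GNU_SOURCE  /* mkdtemp(), seteuid(), O_NOFOLLOW on strict compilers */
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper (name and signature are assumptions): create
 * <tmpl>/cookies with the effective uid set to `uid` across both mkdtemp()
 * and open(). tmpl is a mkdtemp() template, rewritten in place.
 * Returns an open fd, or -1 on failure. */
int create_cookie_as(uid_t uid, char *tmpl, char *path, size_t pathlen)
{
    uid_t saved = geteuid();
    int fd = -1;

    if (seteuid(uid) == -1)              /* become the user first */
        return -1;
    if (mkdtemp(tmpl) != NULL) {         /* directory created as the user */
        if ((size_t)snprintf(path, pathlen, "%s/cookies", tmpl) < pathlen)
            /* O_EXCL refuses an existing name (symlinks included);
             * permission checks use the user's effective uid. */
            fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
        if (fd == -1)
            rmdir(tmpl);                 /* still running as the user */
    }
    if (seteuid(saved) == -1) {          /* switch back only after open() */
        if (fd != -1)
            close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    char tmpl[] = "/tmp/ssh-XXXXXXXX";   /* constructed sample template */
    char path[PATH_MAX];
    int fd = create_cookie_as(getuid(), tmpl, path, sizeof(path));

    if (fd == -1)
        return 1;
    printf("created %s\n", path);
    close(fd);
    unlink(path);
    rmdir(tmpl);
    return 0;
}
```

Because the effective uid is the user's for the whole window between the two calls, a swapped directory or planted link can only redirect the create to somewhere that user could already write.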



More information about the openssh-unix-dev mailing list