Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: difflog.pl and "security"

X-seq: zsh-workers 24144
From: Bart Schaefer <schaefer@xxxxxxxxxxxxxxxx>
To: zsh-workers@xxxxxxxxxx
Subject: Re: difflog.pl and "security"
Date: Mon, 03 Dec 2007 08:33:01 -0800
In-reply-to: <20071203104256.09dc9684@news01>
Mailing-list: contact zsh-workers-help@xxxxxxxxxx; run by ezmlm
References: <20071202214005.GA6517@xxxxxxxxxxx> <071202174520.ZM3017@xxxxxxxxxxxxxxxxxxxxxx> <20071203104256.09dc9684@news01>

On Dec 3, 10:42am, Peter Stephenson wrote:
}
} Yes, I'm more worried about the implication that anything distributed
} will be assumed to be robust for any usage. In the usage for which
} difflog.pl is supplied, security is not an issue since you're diffing
} two publicly available logs.

If I understand the issue correctly, the problem is not what's in the
log files, but what's in /tmp.

E.g., if a local attacker can guess when difflog.pl is being run and
what its process ID is, he can create symlinks in /tmp that point
from the files difflog is about to create, to any files owned by the
person running difflog, and cause the target files to be clobbered.

My usual feeling about this is that if your local users are doing this
sort of thing, you already have problems that fixing a few scripts is
not going to solve; but there are people who have no choice but to
hand out logins first and ask questions later.

Follow-Ups:
- Re: difflog.pl and "security"
  - From: Peter Stephenson

References:
- difflog.pl and "security"
  - From: Clint Adams
- Re: difflog.pl and "security"
  - From: Bart Schaefer
- Re: difflog.pl and "security"
  - From: Peter Stephenson

Messages sorted by: Reverse Date, Date, Thread, Author