Zsh Mailing List Archive
default TMPPREFIX unsafe if local malicious users
- X-seq: zsh-workers 30645
- From: Jeremy Mates <jeremy.mates@xxxxxxxxx>
- To: zsh-workers@xxxxxxx
- Subject: default TMPPREFIX unsafe if local malicious users
- Date: Wed, 29 Aug 2012 16:13:53 -0700
- List-help: <mailto:zsh-workers-help@zsh.org>
- List-id: Zsh Workers List <zsh-workers.zsh.org>
- List-post: <mailto:zsh-workers@zsh.org>
- Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
The default TMPPREFIX of /tmp/zsh allows arbitrary file overwrite should a local malicious user have write access to /tmp, for example if the target user uses the Functions/Zle/edit-command-line feature after the following is performed:
for i in {1..99999}; do ln -s /user/file/to/clobber /tmp/zshecl$i; done
This issue could perhaps be avoided by locally setting the NOCLOBBER option for all code that uses TMPPREFIX, or by providing a mktemp(3) interface (if available)?
Jeremy
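
Added example (not part of the original message and not zsh's own code): the two mitigations the message suggests, NOCLOBBER and a mktemp interface, shown in POSIX shell next to a plain redirection onto a predictable name. The sandbox directory, the file names victim and zshecl1, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Every path lives in a private sandbox made by mktemp -d;
# "zshecl1" mimics the predictable name from the message (constructed).

# Plain redirection: open() follows whatever link already sits at the path.
unsafe_write() { printf '%s\n' "$2" > "$1"; }

# noclobber (set -C): the shell will not truncate an existing regular file
# and creates missing files exclusively, so a link planted at the name
# (to a real file, or dangling) makes the write fail instead.
noclobber_write() { ( set -C; printf '%s\n' "$2" > "$1" ) 2>/dev/null; }

# mktemp(1): random suffix, exclusive create, mode 0600.
# Prints the new path; the caller writes to it and removes it afterwards.
private_tmpfile() { mktemp "$1/zshecl.XXXXXXXXXX"; }

demo() {
    sandbox=$(mktemp -d) || return 1
    printf 'original\n' > "$sandbox/victim"
    ln -s "$sandbox/victim" "$sandbox/zshecl1"   # link present before the write

    if noclobber_write "$sandbox/zshecl1" 'edited'; then
        echo "noclobber: wrote through link (unexpected)"
    else
        echo "noclobber: refused, victim=$(cat "$sandbox/victim")"
    fi

    tmp=$(private_tmpfile "$sandbox") && unsafe_write "$tmp" 'edited'
    echo "mktemp: wrote $(basename "$tmp"), victim=$(cat "$sandbox/victim")"

    unsafe_write "$sandbox/zshecl1" 'edited'
    echo "plain >: victim=$(cat "$sandbox/victim")"

    rm -rf "$sandbox"
}
demo
```

The noclobber check only covers names that resolve to regular files or to nothing; the mktemp path avoids the predictable name altogether.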