Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: default TMPPREFIX unsafe if local malicious users

X-seq: zsh-workers 30646
From: Sorin Ionescu <sorin.ionescu@xxxxxxxxx>
To: Jeremy Mates <jeremy.mates@xxxxxxxxx>
Subject: Re: default TMPPREFIX unsafe if local malicious users
Date: Wed, 29 Aug 2012 21:41:33 -0400
Cc: zsh-workers@xxxxxxx
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to:x-mailer; bh=KBAoLhklSOb/d37rtr1ftK1wv80gzaaVt7g/n3FfVXs=; b=To7Vd3Hz2jpXTve+lHRSqloTr2DHWcCn9CVL588tyZYrKC+A73uz0MpWBISXdndXd7 1EnannsGH1Dzyj66vNZJJe/vrN/aK+E1PEpx31X1fLij9VCDxneDhpROLs+okyhGrv+x 2oexiXsR815ERlzQvPZ4B5k+cLEX/7QzsYNVGdG2SjP+gX3vn2nUW04Efo3HXzHKQSOZ HgyF1ovtH6m4QyCtQjir6twhzh+Enpj0Ri1f3CkIGp+/Z2xf2bI1OxFDHKDC/A5ta9DQ mNLkFdQhn2X1S9ejn1KiY+6nDCosq3ElX3f1lqPQ0UrKPxmcruUNIpGum/y7d1Q3XTUv 395w==
In-reply-to: <10BDFE08-7B52-4775-BD19-C5A1B7498202@gmail.com>
List-help: <mailto:zsh-workers-help@zsh.org>
List-id: Zsh Workers List <zsh-workers.zsh.org>
List-post: <mailto:zsh-workers@zsh.org>
Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
References: <10BDFE08-7B52-4775-BD19-C5A1B7498202@gmail.com>

On Mac OS X, a temporary directory with permissions 700 is created for each user at login: /var/folders/jp/qsb33jvx5hj6vv3zv3rhcgn00000gn/T/.

$TMPPREFIX should be set to $TMPDIR/zsh, not /tmp/zsh.

Sorin

On 29 Aug 2012, at 19:13, Jeremy Mates wrote:

> The default TMPPREFIX of /tmp/zsh allows arbitrary file overwrite should a local malicious user have write access to /tmp, for example if the target user uses the Functions/Zle/edit-command-line feature after the following is performed:
> 
>  for i in {1..99999}; do ln -s /user/file/to/clobber /tmp/zshecl$i; done
> 
> This issue could perhaps be avoided by locally setting the NOCLOBBER option for all code that uses TMPPREFIX, or by providing a mktemp(3) interface (if available)?
> 
> Jeremy

References:
- default TMPPREFIX unsafe if local malicious users
  - From: Jeremy Mates

Messages sorted by: Reverse Date, Date, Thread, Author