Self-contained executable for any Linux x86_64 distribution
Cristian Ionescu-Idbohrn
cristian.ionescu-idbohrn at axis.com
Sun Mar 3 12:21:47 PST 2013
On Sun, 3 Mar 2013, Lutz Vieweg wrote:
> On 03/03/2013 08:40 PM, Cristian Ionescu-Idbohrn wrote:
> > > + D=subsurface
> > > + mkdir -p -m 777 /tmp/applink
> > > + chmod o+t /tmp/applink
>
> I should probably change this to
> mkdir -p -m 1777 /tmp/applink
>
> > Didn't try your "self-contained" package, as I'm skeptical to that sort of
> > thing. But, Lutz, please try to avoid that sort of thing. It's the
> > classical:
> >
> > http://www.google.com/search?q=insecure+temporary+file
>
> I understand that writing to a file that other users can know
> the name of creates a security risk. But how would you exploit
> the creation of a symbolic link (that is later used for reading, only)
> in a directory with the sticky bit set?
There are things that one just don't do. And this is, IMO, one of them.
It's really not that odd. Just avoid that sort of thing, as long as
better alternatives are available.
> (And my script does verify, after creating the symbolic link,
> that this link indeed points to there the script wanted it to point
> to - to avoid the race condition that somebody creates a link
> before the script does.)
Right. I didn't check the script either, but I won't be persuing this.
> > If you _must_ create a temporary directory, do it under $HOME, and
> > absolutely not under /tmp.
>
> The whole point of making that directory is that "/tmp" is the
> only constant place in the filesystem that is known to be user-
> writeable.
And there's /var/tmp too. Doesn't get erased either between reboots.
Nevertheless, that's no huge improvement either.
$HOME then? No $HOME, no access. But, obviously, you're attempting
to do something in case HOME=/, don't you?
> If I create such a directory in $HOME, there is no way to do a
> ./configure --prefix=/tmp/applink/subsurface ...
> in preparation for dependencies of the software, because
> ./configure --prefix=/home/*/something
> would obviously not be available on the next computer.
I must admit, I didn't give too much thought to what you're trying to
achieve. But, at least for me, it's a dead end. Sorry.
> > Don't `chmod' anything to permitions 0777 (that's another OSs business).
> > 0700 is better.
>
> /tmp/applink/ is meant to contain symbolic links to other applications
> (besides subsurface).
Oh boy...
> > And /tmp is already supposed to have the sticky bit set:
> > Access: (1777/drwxrwxrwt)
>
> Yes, and I don't see how /tmp/applink creates more of a risk than
> /tmp/ itself.
Alright. I'm not going to argue. Feel free to continue your experiments.
Cheers,
--
Cristian
More information about the subsurface
mailing list