KTemporaryFile::createLocalFile()
Oswald Buddenhagen
ossi at kde.org
Thu Jul 5 12:07:24 BST 2007
On Thu, Jul 05, 2007 at 12:35:23PM +0200, David Faure wrote:
> 1) App calls KTemporaryFile::createLocalFile(), which creates a file,
> opens it, closes it, returns its name
> 2) Another user was running a malicious script that watches /tmp (e.g.
> using inotify), it gets notified about the new file.
> 3) Said script replaces the new temp file with a symlink to your
> ~/.ssh/id_dsa (or any other file that has value to you)
>
now you exposed you ignorance about posix semantics. :-P
assume temp files in /tmp. this dir is sticky. no user (except root, but
root being trustable is a premise anyway) can rename or delete (and thus
replace) another user's files. => we are safe.
now, that might be not true on windows - maybe the entire protection is
based on dir entries of open files being locked (somebody please check
that!).
but even then we are safe: our temp files don't live in the temp dir
itself, but in a subdir only the user himself has *any* access to.
> 4) App now reopens the file using the path it got from step 1, and
> this erases your ssh private key. Damn!
>
... and consequently this scenario is bogus.
--
Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
--
Chaos, panic, and disorder - my work here is done.
More information about the kde-core-devel
mailing list