Re: xsane: tempfile handled insecurely

From: Ralph Angenendt
Date: Mon Feb 28 2000 - 15:45:23 PST

    On Mon, Feb 28, 2000 at 05:25:15 +0100, Oliver Rauch wrote:
    > I cannot imagine how that can happen,
    > here is the relevant part of the xsane-0.49 source:
    > remove(filename); /* remove existing preview */
    > umask(0177); /* create temporary file with "-rw-------" permissions */
    > out = fopen(filename, "w");
    > umask(XSANE_DEFAULT_UMASK); /* define new file permissions */
    > The temporary file or symlink is deleted before the new one is opened.

    As it seems to be in /tmp/, it cannot be removed by User A if User B
    creates that file. Files in /tmp/ can only be deleted if you are the
    owner of that file. As said in private mail - try to use mktemp(3) to
    create temporary files.


    "Do not dangle the mouse by its cable or throw the mouse at
            -- From a manual for an SGI computer.
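
An added example, not part of the original message and not xsane code: it reproduces the state the reply describes (a planted entry that `remove()` could not delete) and contrasts the quoted `fopen()` pattern with exclusive creation. It uses mkstemp(3), which creates and opens the file in one step, rather than mktemp(3), which only returns a name; all function names and paths are constructed for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Fixed path, hardened: O_CREAT|O_EXCL fails with EEXIST if any file or
 * symlink (even a dangling one) already has that name; nothing is followed. */
int open_fixed_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Preferred: mkstemp(3) picks an unpredictable name and creates it atomically
 * with O_EXCL and mode 0600. tmpl must be writable and end in "XXXXXX". */
FILE *open_private_temp(char *tmpl) {
    int fd = mkstemp(tmpl);
    if (fd < 0) return NULL;
    FILE *out = fdopen(fd, "w");
    if (!out) { close(fd); unlink(tmpl); }
    return out;
}

/* Constructed scenario: a scratch directory stands in for /tmp, and "preview"
 * is a symlink another user planted, pointing at a 9-byte victim file.
 * Returns the victim's size after the open attempt, or -1 on setup failure. */
long victim_size_after(int hardened) {
    char dir[] = "/tmp/tmpfile-demo-XXXXXX", victim[64], link_path[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(link_path, sizeof link_path, "%s/preview", dir);
    FILE *v = fopen(victim, "w");
    if (!v) return -1;
    fputs("important", v); fclose(v);
    if (symlink(victim, link_path) != 0) return -1;
    if (hardened) {
        int fd = open_fixed_exclusive(link_path);  /* -1, errno EEXIST */
        if (fd >= 0) close(fd);
    } else {
        /* remove() is skipped to model it failing in a sticky /tmp */
        FILE *out = fopen(link_path, "w");         /* follows the symlink */
        if (out) fclose(out);
    }
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(link_path); unlink(victim); rmdir(dir);
    return size;
}
```

With the quoted pattern the victim file is truncated to 0 bytes; with exclusive creation it keeps its 9 bytes and the open fails instead.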


    This archive was generated by hypermail 2b29 : Mon Feb 28 2000 - 16:55:09 PST