Re: xsane: tempfile handled insecurely

From: Ralph Angenendt (ralph@strg-alt-entf.org)
Date: Mon Feb 28 2000 - 15:45:23 PST


    On Mon, Feb 28, 2000 at 05:25:15 +0100, Oliver Rauch wrote:
    >
    > I can not imagine how that can happen,
    >
    > here is the relevant part of the xsane-0.49 source:
    >
    > remove(filename); /* remove existing preview */
    > umask(0177); /* create temporary file with "-rw-------" permissions */
    > out = fopen(filename, "w");
    > umask(XSANE_DEFAULT_UMASK); /* define new file permissions */
    >
    > The temporary file or symlink is deleted before the new one is opened.

    As it seems to be in /tmp/, it cannot be removed by User A if User B
    creates that file. Files in /tmp/ can only be deleted if you are the
    owner of that file. As said in private mail - try to use mktemp(3) to
    create temporary files.

    Ralph

    -- 
    "Do not dangle the mouse by its cable or throw the mouse at
    co-workers."
            -- From a manual for an SGI computer.
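
Added example, not part of the thread and not xsane code: it reproduces the state left behind when remove() fails (the name is still a symlink), shows that fopen(..., "w") then writes through the link, and compares two creation calls that do not. It uses open(2) with O_CREAT|O_EXCL and mkstemp(3) instead of the mktemp(3) named in the message, because both create and open the file in one step; the scratch directory and file names are constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct demo { int fopen_followed_link, excl_refused, mkstemp_private; };

/* Runs three cases in a private scratch directory (all names constructed). */
struct demo run_demo(void)
{
    struct demo r = {0, 0, 0};
    char dir[] = "/tmp/xsane-demo-XXXXXX", other[64], preview[64], uniq[64], buf[8] = "";
    struct stat st;
    if (!mkdtemp(dir)) return r;
    snprintf(other, sizeof other, "%s/other-file", dir);
    snprintf(preview, sizeof preview, "%s/preview.ppm", dir);
    snprintf(uniq, sizeof uniq, "%s/preview-XXXXXX", dir);
    /* State after a failed remove(): the preview name is still a symlink. */
    FILE *f = fopen(other, "w");
    if (f) { fputs("keep", f); fclose(f); }
    if (symlink(other, preview) != 0) return r;
    /* 1. fopen(..., "w") as in the quoted code follows the link and truncates its target. */
    f = fopen(preview, "w");
    if (f) { fputs("scan", f); fclose(f); }
    f = fopen(other, "r");
    if (f) { r.fopen_followed_link = fgets(buf, sizeof buf, f) && !strcmp(buf, "scan"); fclose(f); }
    /* 2. O_CREAT|O_EXCL refuses any pre-existing name, symlinks included. */
    int fd = open(preview, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    r.excl_refused = (fd == -1 && errno == EEXIST);
    if (fd >= 0) close(fd);
    /* 3. mkstemp(3): unique name, created and opened atomically, no group/other access. */
    fd = mkstemp(uniq);
    if (fd >= 0 && fstat(fd, &st) == 0) r.mkstemp_private = (st.st_mode & 077) == 0;
    if (fd >= 0) { close(fd); unlink(uniq); }
    unlink(preview); unlink(other); rmdir(dir);
    return r;
}

int main(void)
{
    struct demo r = run_demo();
    printf("fopen followed link: %d\nO_EXCL refused: %d\nmkstemp private: %d\n",
           r.fopen_followed_link, r.excl_refused, r.mkstemp_private);
    return 0;
}
```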
    


    



    This archive was generated by hypermail 2b29 : Mon Feb 28 2000 - 16:55:09 PST