
Re: Uploaded devscripts 2.0.0 (source all) to master



>> "BC" == Ben Collins <bmc@it.larc.nasa.gov> writes:

BC> On Thu, Jan 07, 1999 at 11:43:24PM +0100, Martin Bialasinski wrote:
>> rm def
>> if not successful then bail out
>> create def
>> if not successful then bail out
>> write to def
>> 
>> Is this unsafe? Why?

BC> It would be trivial to write a program to recreate the link in between your
BC> rm and touch.

With touch you mean the create? With the pseudocode creat, I mean
something like (here in Perl):

    open OUT, ">def" or die "security violation";

Still a problem?

BC> Not to mention that anywhere in your script I can delete it
BC> and replace it with a link (shell scripts don't lock files).

But we are talking about a user running this script. If he has created
the file, no one else can remove it (if he hasn't the permission to do
so). And if one can do this, then permissions on /tmp are broken and
this is another story.

Also if I have a filehandle, he could delete the file, and it wouldn't
matter. Of course in this case, security would be at stake, if one
would trust the file to be the one one wrote to.

Difficult topic.

Ciao,
	Martin
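
The rm-then-create sequence discussed in this thread, as an added example that is not part of the original message: it compares a truncating open (Python's equivalent of the Perl `open OUT, ">def"`) with a create that uses O_CREAT|O_EXCL. The `window` hook, the file names and the file contents are constructed to simulate the link being recreated between the rm and the create.

```python
import os
import tempfile


def _rm(path):
    """The 'rm def' step; unlink removes a symlink itself, not its target."""
    try:
        os.unlink(path)
    except FileNotFoundError:
        pass


def rm_then_open(path, data, window=lambda: None):
    """rm, then a truncating open that follows whatever now sits at path."""
    _rm(path)
    window()  # constructed hook: stands in for another process acting here
    with open(path, "w") as out:
        out.write(data)


def rm_then_excl(path, data, window=lambda: None):
    """rm, then O_CREAT|O_EXCL: fails if the name exists, symlinks included."""
    _rm(path)
    window()
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as out:
        out.write(data)


def demo():
    """Run both variants with a link recreated in the window (constructed data)."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "target")  # file the recreated link points to
        tmp = os.path.join(d, "def")

        def read_target():
            with open(target) as f:
                return f.read()

        def reset_target():
            with open(target, "w") as f:
                f.write("precious\n")

        relink = lambda: os.symlink(target, tmp)
        reset_target()
        rm_then_open(tmp, "scratch\n", relink)
        clobbered = read_target()  # the write went through the link
        reset_target()
        try:
            rm_then_excl(tmp, "scratch\n", relink)
            refused = False
        except FileExistsError:
            refused = True  # the create bailed out instead of following the link
        return clobbered, refused, read_target()
```

In Perl the exclusive create corresponds to `sysopen` with `O_WRONLY|O_CREAT|O_EXCL` from the Fcntl module.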

