Closed fkaa closed 9 years ago
From the FreeBSD man page tempnam(3):
SECURITY CONSIDERATIONS
The tmpnam() and tempnam() functions are susceptible to a race condition occurring between the selection of the file name and the creation of the file, which allows malicious users to potentially overwrite arbitrary files in the system, depending on the level of privilege of the running program. Additionally, there is no means by which file permissions may be specified. It is strongly suggested that mkstemp(3) be used in place of these functions.
I actually know how such an exploit would be pulled off (it's a confused deputy attack), and basically it's really only an issue if you're trying to run Iceball as root on a system where you've given a user account to some dodgy bastard. From my understanding it's a rather hard exploit to trigger unless you can predict what the next temp filename will be, and then again you kinda have to spam the filesystem with symlinks at just the right moment.
Basically, if someone can get into your system to use Iceball to exploit this issue, they can probably fuck you over without using Iceball.
To be blunt, it's not worth the effort to work around such an obscure exploit. The only case I can think of would be in a dedicated server, but that should eventually be tweaked to not depend on sackit, and thus we won't need this tempnam() thing for the dedi anyway - we'd just load .it files as if they were general binary files (hidden behind a userdata thing, of course).
This is no longer used in the dedi version, and thus really isn't an issue anymore. Closing.
According to clang's infinite wisdom, tempnam is deprecated because of security issues, and it advises you to use mkstemp instead. Is this something we should be concerned about? Are there any downsides to switching to mkstemp instead?
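The race the man page describes and the mkstemp() replacement it recommends, side by side, as an added example that is not Iceball's code nor anyone's in this thread; the "/tmp" directory, the "ice" prefix and the function names are assumptions.

```c
/* Added example, not Iceball code: the tempnam()+fopen() pattern the man
 * page warns about, beside the mkstemp() replacement it recommends. POSIX only. */
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>

/* Before: name chosen in one call, file created in another. In the gap a
 * local user can plant a file or symlink at that path; fopen() follows it. */
FILE *open_tmp_racy(const char *dir)
{
    char *name = tempnam(dir, "ice");  /* deprecated: returns a name only */
    if (name == NULL)
        return NULL;
    FILE *fp = fopen(name, "wb");      /* race window is before this line */
    free(name);
    return fp;
}

/* After: mkstemp() picks the name and creates the file in one O_EXCL step
 * with mode 0600, so a pre-planted path makes it fail instead of follow. */
int open_tmp_safe(const char *dir, char *path_out, size_t path_len)
{
    if (snprintf(path_out, path_len, "%s/iceXXXXXX", dir) >= (int)path_len)
        return -1;                     /* template would not fit */
    int fd = mkstemp(path_out);        /* XXXXXX replaced in place */
    if (fd < 0)
        return -1;
    struct stat st;                    /* check the fd, not the path */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1
        || (st.st_mode & 0077) != 0) { /* group/other bits must be clear */
        close(fd);
        unlink(path_out);
        return -1;
    }
    return fd;
}

/* Returns 1 if a temp file in dir is created private to the owner, else 0. */
int safe_tmp_is_private(const char *dir)
{
    char path[256];
    int fd = open_tmp_safe(dir, path, sizeof path);
    if (fd < 0)
        return 0;
    close(fd);
    unlink(path);
    return 1;
}
```

The fstat() check on the descriptor is the part a reviewer should insist on: it inspects the file actually opened, whereas a stat() on the path could be fooled by a second swap.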