Re: which temp dir to use?
Re: which temp dir to use?
- Subject: Re: which temp dir to use?
- From: Dave Keck <email@hidden>
- Date: Sun, 24 May 2009 08:28:33 -1000
> 1. Non-privileged process A running as user Alice creates a file
> called /tmp/ipc.
> 2. A signals to privileged process B, running as root, that the file exists.
> 3. Malevolent process C, running as user Eve, notices the file,
> unlinks it (which it can do due to the permissions on /tmp) and
> creates a new one in its place with its own preferred contents.
> 4. B performs its action on the newly-replaced file contents.
I debated whether I should mention my technique thinking someone might
bring up this precise vulnerability. :)
My rationale is based on the fact the BetterAuthorizationSample is
also vulnerable to a similar attack: some malicious code is running in
the background, and at just the right instant replaces the genuine
tool with a malicious one, and the malicious tool gets root
privileges. Granted, our cases are quite different: mine is completely
preventable by using an IPC mechanism that avoids the filesystem, as
you mentioned. But alas, I sided with the "if they want it bad
enough..." line of thinking.
David
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden