Re: which temp dir to use?
Re: which temp dir to use?
- Subject: Re: which temp dir to use?
- From: Kyle Sluder <email@hidden>
- Date: Sun, 24 May 2009 11:39:47 -0700
On Sun, May 24, 2009 at 11:28 AM, Dave Keck <email@hidden> wrote:
> I debated whether I should mention my technique thinking someone might
> bring up this precise vulnerability. :)
It is possible to use /tmp safely, but you have to be very careful.
Just like when doing anything sensitive on the filesystem.
> My rationale is based on the fact the BetterAuthorizationSample is
> also vulnerable to a similar attack: some malicious code is running in
> the background, and at just the right instant replaces the genuine
> tool with a malicious one, and the malicious tool gets root
> privileges. Granted, our cases are quite different: mine is completely
> preventable by using an IPC mechanism that avoids the filesystem, as
> you mentioned. But alas, I sided with the "if they want it bad
> enough..." line of thinking.
That's a rather unfortunate line of thinking. Apple could do
everything in the world to lock down the operating system, but if
someone can take advantage of a completely unrelated third-party
software to perform an attack, I wouldn't be too thrilled.
I'm also confused about how one could levy the same attack against
BAS. Unless the app is running from /tmp (or another directory
writable by an unprivileged user) then it's not going to happen. The
attack I described is a consequence of how UNIX applies permissions to
directories; the ability to unlink directory entries is not an
attribute of the entries themselves, but of the directory.
--Kyle Sluder
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden