This is the mail archive of the
binutils@sources.redhat.com
mailing list for the binutils project.
Re: Security patch for binutils-2.11.92.0.10 (2nd try)...
> Nick Clifton <nickc@cambridge.redhat.com> writes:
>
> |> Hi Steven,
> |> |> > This is my second attempt at a small security patch to replace
> |> > all 'mktemp' calls (2 of them) with calls to 'mkstemp'. My
> |> > first patch was wrong because I neglected to close the open
> |> > file descriptor that gets returned by 'mkstemp'. This is now
> |> > fixed and should function properly. Thanks.
> |> |> Except that this does not really improve the security of the tools
> |> that use the make_tempname() function. The reason mkstemp() is better
> |> than mktemp() is that returns a file descriptor that has been opened
> |> with O_EXCL. By closing the descriptor, and then reopening the file
> |> later on, you loose the security inherent in creating the temporary
> |> name and opening the file at the same time.
>
> But mkstemp has already created the file (securely), thus we know that we
> won't be following malicious symlinks later (only the owner and the
> superuser can manipulate that file).
Not necessarily, it assumes the ``T'' bit is set on the relevant
directory. BINUTILS shouldn't let go of the file.
Andrew