commons-issues mailing list archives

From "Jochen Wiedmann (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DAEMON-331) Creating and using temporary files
Date Wed, 11 Mar 2015 09:21:38 GMT

    [ https://issues.apache.org/jira/browse/DAEMON-331?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14356519#comment-14356519 ]

Jochen Wiedmann commented on DAEMON-331:
----------------------------------------

Not that it actually matters (again, the file is not actually read), but out of general security
considerations: Please use

  O_RDWR | O_CREAT | O_EXCL, S_IRUSR|S_IWUSR

when creating the file, so that symlinks aren't followed.


> Creating and using temporary files
> ----------------------------------
>
>                 Key: DAEMON-331
>                 URL: https://issues.apache.org/jira/browse/DAEMON-331
>             Project: Commons Daemon
>          Issue Type: Improvement
>          Components: Jsvc
>    Affects Versions: 1.0.15
>         Environment: Linux/Unix
>            Reporter: Jochen Wiedmann
>             Fix For: 1.0.16
>
>
> It came to our attention, that "jsvc" creates temporary files, named like "/tmp/${PID}.jsvc_up"
> as a means of communication between a forked client process and the parent process.
> These file names are clearly predictable, and one might get the impression, that this
> could be abused as part of an attack. However, evaluation has demonstrated, that the content
> of these files is never read. Therefore, even if an attacker created these files in advance
> with malicious content, it wouldn't really affect the execution of "jsvc", apart from a prematurely
> ending parent process, perhaps with the wrong exit code.
> Nevertheless, this behaviour should change;
> 1.) In either case, the file name must be built in advance in the parent process, and
> before forking the child. In other words: Parent and child must share the same name.
> 2.) If possible, for example on Linux, we suggest to use mktemp(3) to create the file
> name with a pattern like "${TMP}/jsvc_up.XXXXXX"
> 3.) On other operating systems, we suggest something like
>      "${TMP}//jsvc_up.${RANDOM}".
> Also note, that the directory "/tmp" is not necessarily a good location for such temporary
> files, because it is writable for everyone. A user of Commons Daemon might wish to create
> a special directory or such files with restricted write permissions. In such case, the Commons
> Daemon user should be able to configure the location of "${TMP}".



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
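
The open(2) flags suggested in the comment above, as an added C example that is not Commons Daemon code: it shows exclusive creation refusing a name that already exists as a symlink, and succeeding with owner-only permissions on an unused name. The function names `create_marker` and `planted_symlink_refused` and the scratch directory pattern are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700   /* for mkdtemp, symlink, lstat */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Exclusive create with owner-only permissions. With O_CREAT | O_EXCL,
 * open() fails with EEXIST if the name already exists, even as a dangling
 * symlink, so a link planted in advance is never followed. */
int create_marker(const char *path)
{
    return open(path, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
}

/* Constructed scenario in a scratch directory. Returns 1 if a planted
 * symlink is refused without creating its target, and a fresh name is
 * created with no permission bits beyond 0600. */
int planted_symlink_refused(void)
{
    char dir[] = "/tmp/jsvc_demo.XXXXXX";   /* constructed scratch location */
    char planted[64], target[64], fresh[64];
    struct stat st;
    int fd, ok = 0;

    if (mkdtemp(dir) == NULL)
        return 0;
    snprintf(planted, sizeof planted, "%s/planted", dir);
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(fresh, sizeof fresh, "%s/jsvc_up", dir);

    if (symlink(target, planted) != 0)          /* dangling link, made first */
        goto out;
    fd = create_marker(planted);
    if (fd != -1) { close(fd); goto out; }      /* must have been refused */
    if (errno != EEXIST || lstat(target, &st) == 0)
        goto out;                               /* target must not exist */

    fd = create_marker(fresh);                  /* unused name: succeeds */
    if (fd == -1)
        goto out;
    ok = fstat(fd, &st) == 0 && (st.st_mode & 0777 & ~(S_IRUSR | S_IWUSR)) == 0;
    close(fd);
out:
    unlink(planted); unlink(fresh); unlink(target); rmdir(dir);
    return ok;
}
```

A caller that gets -1 with `errno == EEXIST` should treat the name as already taken and report an error rather than retry without `O_EXCL`.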
