[Yum-devel] writing out the cache and yum-utils
seth vidal
skvidal at phy.duke.edu
Sat Jun 18 12:41:02 UTC 2005
On Sat, 2005-06-18 at 14:22 +0200, Hans-Peter Jansen wrote:
> Am Samstag, 18. Juni 2005 13:50 schrieb seth vidal:
> >
> > you'd still need to make it a randomly determined dir (mkstemp)
> > otherwise we'd be opening up for an exploit.
>
> Forgive my sillyness, but if this dir is 0700 and owned by the user, how
> can this be exploited by another user?
>
if the dir/filename is predictable you can have a race condition for the
resulting dir/file access. If someone else can get to the file before
you do they can essentially cause you to create certain files AS YOU
which has some interesting potential impacts.
This is only really dangerous in directories where anyone can write.
That's why we don't have to worry about it in /var/cache/yum
-sv
More information about the Yum-devel
mailing list