#508 closed defect (fixed)
IZ2553: /tmp/*_messages files are subject to symlink vulnerabilities
Reported by: | brooks | Owned by: | Dave Love <d.love@…> |
---|---|---|---|
Priority: | high | Milestone: | 8.0.0e |
Component: | sge | Version: | current |
Severity: | major | Keywords: | security execution |
Cc: |
Description (last modified by admin)
[Imported from gridengine issuezilla http://gridengine.sunsource.net/issues/show_bug.cgi?id=2553]
Issue #: 2553 Platform: All Reporter: brooks (brooks) Component: gridengine OS: All Subcomponent: execution Version: current CC: None defined Status: NEW Priority: P3 Resolution: Issue type: DEFECT Target milestone: --- Assigned to: pollinger (pollinger) QA Contact: pollinger URL: * Summary: /tmp/*_messages files are subject to symlink vulnerabilities Status whiteboard: Attachments: Issue 2553 blocks: Votes for issue 2553: Opened: Thu Apr 10 13:48:00 -0700 2008 ------------------------ As far as I can tell, the /tmp/*_messages files deamons use early in startup are created without the exclusive flag. As a result, ordinary users can create symlinks in their place and cause the daemons to write to arbitrary files. The files should either be opened exclusivly or the locations should be changed to a location not writable by ordinary users.
Change History (5)
comment:1 Changed 10 years ago by dlove
- Keywords security added; removed
- Milestone set to 6.2u5.1
- Priority changed from normal to high
- Severity set to major
comment:2 Changed 9 years ago by admin
- Description modified (diff)
- Milestone changed from 8.0.0a to 8.0.0c
comment:3 Changed 9 years ago by dlove
- Milestone changed from 8.0.0c to 8.0.0d
comment:4 Changed 9 years ago by admin
- Milestone changed from 8.0.0d to 8.0.0e
comment:5 Changed 9 years ago by Dave Love <d.love@…>
- Owner set to Dave Love <d.love@…>
- Resolution set to fixed
- Status changed from new to closed
In [4186/sge]:
(The changeset message doesn't reference this ticket)
Note: See
TracTickets for help on using
tickets.
This isn't so easy to sort out directly. I'm inclined to use syslog before writing
to the spool area, but I don't know if that works in MS Windows. Otherwise, the
thing to do seems to be to make a file initially safely with mkstemp and delete it
later if it wasn't used.