Re: On replacing a hdisk

From: AIX geek (aixgeek@YAHOO.COM)
Date: Thu Aug 29 2002 - 09:38:47 EDT


I concur with all that. It's just a quick-and-dirty
script I wrote to get the job done; I certainly make
no guarantees about its "secureness".

I've used it tons of times, and never had a problem.
Caveat emptor.

--- Holger.VanKoll@SWISSCOM.COM wrote:
> One could put scripts that need root privileges to run in a dir not
> readable by users.
> Also, a /roottmp or whatever could be considered, based on your
> security needs.
>
> > it would be relatively simple for any person with malicious intent to
> > find out exactly what to call the links.
>
> If you append $$, it's hard. AIX was written with C2 security in mind,
> and you cannot easily guess the next pid.
>
> > One easy way around it would be to remove the file before
> > trying to write to it.
>
> An improvement. Still there is a race condition.
> If you remove, say, 2 files, you do io and it's possible that your
> process gets stopped there (between removing first/second file).
> Then a user process could get cpu and re-do the link on the file you
> just removed.
> If you don't append $$ to the filename, there is a known filename (he
> could know from earlier runs of the script) and this race condition is
> not so improbable.
>
> If you append $$, it seems safer, but if the user created file0 -
> file$$-max, he just has to check what has been deleted and recreate the
> link. Probably that takes too much cpu/io and your script/task will be
> rescheduled before.
>
> On a system with high security needs, root must not use anything
> world-writeable, including /tmp.
> At least create /tmp/root 700, the sticky bit on /tmp should prevent a
> user from deleting it.

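The advice quoted above (a root-only directory under /tmp, and no "remove, then write" step) can be sketched as follows. This is an added example, not part of the original message or the script under discussion; the function names and the paths in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: function names and paths are hypothetical, not from the thread.

# make_private_dir PATH
# Create PATH as a directory only the caller (root) can enter, or fail.
# mkdir(2) is atomic and fails with EEXIST if PATH already exists in any
# form, including a symlink planted in advance, so no link is ever followed.
make_private_dir() {
    dir=$1
    ( umask 077 && mkdir "$dir" ) 2>/dev/null || return 1
    # Re-check the result: a real directory, not a link.
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1
    printf '%s\n' "$dir"
}

# new_file PATH
# Create PATH only if the name is not taken. With noclobber (set -C) the
# shell creates the file with O_EXCL, so an existing regular file or a
# dangling symlink makes the redirection fail instead of being written
# through. This replaces "rm, then write", which leaves a window between
# the two steps.
new_file() {
    ( set -C; : > "$1" ) 2>/dev/null
}

# Typical use in a root script (constructed):
#   work=$(make_private_dir "/tmp/root.$$") || { echo "name taken, refusing" >&2; exit 1; }
#   trap 'rm -rf "$work"' 0
#   new_file "$work/disklist" || exit 1
```

Here $$ only keeps concurrent runs apart; the protection comes from mkdir refusing an existing name and from the 0700 mode on the directory.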



This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:16:10 EDT