pgsql/src/bin/initdb initdb.sh

Started by Peter Eisentraut - PostgreSQL, over 24 years ago, 6 messages

CVSROOT: /home/projects/pgsql/cvsroot
Module name: pgsql
Changes by: petere@hub.org 01/06/23 19:29:48

Modified files:
src/bin/initdb : initdb.sh

Log message:
Don't use a temp file. It was created insecurely and was easy to do without.

#2 Bruce Momjian
pgman@candle.pha.pa.us
In reply to: Peter Eisentraut - PostgreSQL (#1)
Re: pgsql/src/bin/initdb initdb.sh

> CVSROOT: /home/projects/pgsql/cvsroot
> Module name: pgsql
> Changes by: petere@hub.org 01/06/23 19:29:48
> 
> Modified files:
> src/bin/initdb : initdb.sh
> 
> Log message:
> Don't use a temp file. It was created insecurely and was easy to do without.

This brings up a question. If I have pid 333 and someone creates a file
world-writable called /tmp/333, and I go and do:

cat file >/tmp/$$

isn't another user now able to modify those temp file contents. Is that
the insecurity you mentioned Peter, and if so, how do you prevent this?

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
#3 Peter Eisentraut
peter_e@gmx.net
In reply to: Bruce Momjian (#2)
Re: pgsql/src/bin/initdb initdb.sh

Bruce Momjian writes:

> This brings up a question. If I have pid 333 and someone creates a file
> world-writable called /tmp/333, and I go and do:
> 
> cat file >/tmp/$$
> 
> isn't another user now able to modify those temp file contents. Is that
> the insecurity you mentioned Peter, and if so, how do you prevent this?

That is one possibility. Another exploit is with a symlink from /tmp/333
to a file you want to overwrite. This is more fun with root, but it's
still not a good idea here.

To securely create a temp file in shell you need to use mktemp(1), or do
something like (umask 077 && mkdir $TMPDIR/$$) to create a subdirectory.
Needless to say, it's tricky.

--
Peter Eisentraut peter_e@gmx.net http://funkturm.homeip.net/~peter

#4 Bruce Momjian
pgman@candle.pha.pa.us
In reply to: Peter Eisentraut (#3)
Re: [COMMITTERS] pgsql/src/bin/initdb initdb.sh

> Bruce Momjian writes:
> 
> > This brings up a question. If I have pid 333 and someone creates a file
> > world-writable called /tmp/333, and I go and do:
> > 
> > cat file >/tmp/$$
> > 
> > isn't another user now able to modify those temp file contents. Is that
> > the insecurity you mentioned Peter, and if so, how do you prevent this?
> 
> That is one possibility. Another exploit is with a symlink from /tmp/333
> to a file you want to overwrite. This is more fun with root, but it's
> still not a good idea here.
> 
> To securely create a temp file in shell you need to use mktemp(1), or do
> something like (umask 077 && mkdir $TMPDIR/$$) to create a subdirectory.
> Needless to say, it's tricky.

Wow, that symlink is a bad one. I don't see mktemp(1) on bsd/os, only
mktemp(3). I do see it on FreeBSD.

Good thing I don't have other shell users on my system. I do cat
/tmp/$$ all the time in scripts.

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
#5 Peter Eisentraut
peter_e@gmx.net
In reply to: Bruce Momjian (#4)
Re: [COMMITTERS] pgsql/src/bin/initdb initdb.sh

Bruce Momjian writes:

> > To securely create a temp file in shell you need to use mktemp(1), or do
> > something like (umask 077 && mkdir $TMPDIR/$$) to create a subdirectory.
> > Needless to say, it's tricky.
> 
> Wow, that symlink is a bad one. I don't see mktemp(1) on bsd/os, only
> mktemp(3). I do see it on FreeBSD.
> 
> Good thing I don't have other shell users on my system. I do cat
> /tmp/$$ all the time in scripts.

I see we have temp file vulnerabilities in genbki.sh and Gen_fmgrtab.sh as
well. I'll try to fix them.

--
Peter Eisentraut peter_e@gmx.net http://funkturm.homeip.net/~peter

#6 Bruce Momjian
pgman@candle.pha.pa.us
In reply to: Peter Eisentraut (#5)
Re: Re: [COMMITTERS] pgsql/src/bin/initdb initdb.sh

> Bruce Momjian writes:
> 
> > > To securely create a temp file in shell you need to use mktemp(1), or do
> > > something like (umask 077 && mkdir $TMPDIR/$$) to create a subdirectory.
> > > Needless to say, it's tricky.
> > 
> > Wow, that symlink is a bad one. I don't see mktemp(1) on bsd/os, only
> > mktemp(3). I do see it on FreeBSD.
> > 
> > Good thing I don't have other shell users on my system. I do cat
> > /tmp/$$ all the time in scripts.
> 
> I see we have temp file vulnerabilities in genbki.sh and Gen_fmgrtab.sh as
> well. I'll try to fix them.

What is the vulnerability? I see:

- if [ "$TMPDIR" ]; then
- TEMPFILE="$TMPDIR/initdb.$$"
- else
- TEMPFILE="/tmp/initdb.$$"
- fi
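Review bot: the removed lines choose the temp file name from the process ID, `$TMPDIR/initdb.$$` or `/tmp/initdb.$$`, which any local user can predict, and nothing in this block claims the path exclusively before the script uses it; as noted earlier in the thread, a world-writable file or a symlink pre-created at that name would simply be written through when the script later redirects into it. Dropping the temp file altogether, as the log message says the commit does, removes the issue; where one is still needed, mktemp(1) or a subdirectory created under umask 077 should replace this name-only construction.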

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026