1. Miki Tebeka
  2. nrsc
  3. Issues
Issue #6 new

/tmp vulnerabilities

Anonymous created an issue

(Hi, it's Tv. I'm too lazy to create a bitbucket account for this.)

  1. nrsc the shell script writes to "/tmp/nrsc-$(date +%s).zip". Other users on the same machine can create symlinks by that name for the upcoming seconds, and either DoS you, or make you write to locations you didn't expect to write to. This behavior is generally considered a security vulnerability.

Suggested workarounds: use mktemp, or tmp="$exe.$PID.tmp", or as you had planned, rewrite in Go

  1. nrsc_test.go writes to /tmp/nsrc-test. Same as above, even easier to trigger accidentally. Use http://golang.org/pkg/io/ioutil/#TempDir

  2. nrsc_test.go always binds to port 9888. It should bind to port 0, and then see what port it got.

and always uses port 9888

Comments (2)

  1. Log in to comment