|Subject:||predictable files in /tmp|
|Date:||Mon, 30 Sep 2013 11:14:32 +0200|
|To:||bug-message-passing-zeromq [...] rt.cpan.org|
|From:||Jonas Smedegaard <dr [...] jones.dk>|
Hi, I noticed your recent fix for ØMQ bug#140 changing to /tmp if ZMQ_SWAP is enabled. That makes me worry: does that mean ØMQ creates predictable files in a shared writable directory? If so, I'd say that's a bug: It is common practice to chdir to root dir before starting daemons - AFAIUI not only to ensure the path does not disappear while daemon is running, but also to ensure CWD is not writable - exactly to avoid surprise security weaknesses like this. Unless ØMQ only does a silly check for writability (i.e. does not actually write any files to CWD), I suggest to _not_ do a chdir, but instead do a check for write access on our own and fail with a human understandable error if not - hinting about the need for CWD to be writable (and recommending to use a _private_ writable dir if the system has any untrusted users. Regards, - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website:[x] quote me freely [ ] ask before reusing [ ] keep private
Message body not shown because it is not plain text.