Subject: | predictable files in /tmp |
Date: | Mon, 30 Sep 2013 11:14:32 +0200 |
To: | bug-message-passing-zeromq [...] rt.cpan.org |
From: | Jonas Smedegaard <dr [...] jones.dk> |
Hi,
I noticed your recent fix for ØMQ bug#140 changing to /tmp if ZMQ_SWAP
is enabled.
That makes me worry: does that mean ØMQ creates predictable files in a
shared writable directory?
If so, I'd say that's a bug: It is common practice to chdir to root dir
before starting daemons - AFAIUI not only to ensure the path does not
disappear while daemon is running, but also to ensure CWD is not
writable - exactly to avoid surprise security weaknesses like this.
Unless ØMQ only does a silly check for writability (i.e. does not
actually write any files to CWD), I suggest to _not_ do a chdir, but
instead do a check for write access on our own and fail with a human
understandable error if not - hinting about the need for CWD to be
writable (and recommending to use a _private_ writable dir if the system
has any untrusted users.
Regards,
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
Message body not shown because it is not plain text.