[pca] hiding SOA data from "ps"
Glenn Satchell
Glenn.Satchell at uniq.com.au
Tue Dec 1 23:40:35 CET 2009
>Date: Tue, 01 Dec 2009 15:49:05 +0100
>From: Martin Paul <martin at par.univie.ac.at>
>
>Dražen Kačar wrote:
>> No, there's nothing to be gained there. I mean something like creating a
>> symlink at the location your temporary file will be created, which then
>> points to something you can write into, but another user can read. So
>> he can get the username and password you're trying to hide.
>
>Ok, I see. Until now, I've used a simple (and imperfect) approach,
>appending time() and $$ to any temporary file name to cater for that.
>
>It would be better to use temporary directories instead, as the symlink
>scenario doesn't work then anymore. It still leaves open the chance of
>a DoS attack, simply by creating all possible dir/file names, though.
>
>I see that there is a File::Temp module for the very purpose of creating
>safe tmp files in perl >= 5.6.1, so I'll probably switch to that for all
>the temporary files/dirs I use.
>
>Here's a link with many details about safe temp file creation:
>
> http://www.linuxsecurity.com/content/view/115462/151/
>
>Or as "man File::Temp" says:
>
> It's better to use this module than to try to pick a temporary file on
> your own. Otherwise, you'll just fall into all the same traps as
> everyone else before you.
>
>:)
That looks like a much better solution than my example. Must remember
that module.
The paper about safe temp files is great - simple and straightforward.
regards,
-glenn
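
The temp-file handling discussed in this thread, as an added example that is not part of the original messages or of pca's own code: File::Temp inside a private directory, followed by a self-contained comparison of a plain open and an O_EXCL open on a predictable time()/$$ name. The credential values, name templates and the stand-in target file are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempfile tempdir);

# Constructed sample data; not real credentials.
my ($user, $pass) = ('soa-user', 'example-password');

# 1. Private directory: created mode 0700 with a random name, so other
#    local users cannot plant a symlink inside it. Removed at exit.
my $dir = tempdir('pca.XXXXXXXX', TMPDIR => 1, CLEANUP => 1);

# 2. Temp file inside it: File::Temp opens with O_CREAT|O_EXCL and mode 0600,
#    so an existing file or symlink at the chosen name is never followed.
my ($fh, $file) = tempfile('cred.XXXXXXXX', DIR => $dir, UNLINK => 1);
print {$fh} "user=$user\npassword=$pass\n";
close $fh or die "close $file: $!";

printf "wrote %s (mode %04o)\n", $file, (stat $file)[2] & 07777;

# 3. Why the predictable time()/$$ name is weak: simulate a pre-existing
#    symlink at such a name (inside our own private dir) and compare opens.
my $target    = "$dir/readable-by-other-user";   # stand-in for the link target
my $predicted = "$dir/pca." . time() . ".$$";    # the guessable name
symlink $target, $predicted or die "symlink: $!";

# A plain open follows the symlink and writes into the link's target.
open my $plain, '>', $predicted or die "open: $!";
print {$plain} "password=$pass\n";
close $plain or die "close: $!";
print "plain open: secret landed in $target\n" if -s $target;
unlink $target;

# O_EXCL refuses because something already exists at that name,
# even though the symlink is now dangling.
if (sysopen my $excl, $predicted, O_WRONLY | O_CREAT | O_EXCL, 0600) {
    close $excl;
    print "O_EXCL open: unexpectedly succeeded\n";
} else {
    print "O_EXCL open: refused ($!)\n";
}
```

The refusal in step 3 is what turns the symlink scenario into the DoS case mentioned above: the write fails instead of leaking, and File::Temp handles that by retrying with a new random name.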