Symlink race

A symlink race is a kind of software security vulnerability that results from a program creating files in an insecure manner. A malicious user can create a symbolic link to a file not otherwise accessible to him or her. When the privileged program creates a file of the same name as the symbolic link, it actually creates the linked-to file instead, possibly inserting content provided by the malicious user.

It is called a "race" because in its typical manifestation, the program checks to see if a file by that name already exists, then creates the file. An attacker must create the link in the interval between the check and when the file is created.

Example

In this naive example, the Unix program foo is setuid. Its function is to retrieve information for the accounts specified by the user. For "efficiency", it sorts the requested accounts into a temporary file (/tmp/foo naturally) before making the queries.

The directory /tmp is world-writable. Malicious user Mallory creates a symbolic link to the file /.rhosts named /tmp/foo. Then, she invokes foo with + + as the requested account. The program creates the (temporary) file /tmp/foo (really creating /.rhosts) and puts the requested account (+ +) in it. It removes the temporary file (merely removing the symbolic link).

Now /.rhosts contains + +, which is the incantation necessary to allow anyone to use rlogin to log into the computer as the superuser.

Workaround

The standard library function "mkstemp(3)" can be used to safely create temporary files. For shell scripts, the system utility mktemp does the same thing.
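The following C sketch is an added example, not part of the original article. It contrasts the fixed-name creation used by foo with exclusive creation (O_CREAT|O_EXCL, the mechanism mkstemp relies on) and with mkstemp itself. It works in a constructed scratch directory, where the file "protected" stands in for /.rhosts; the function names are illustrative assumptions.

```c
#define _XOPEN_SOURCE 700            /* mkdtemp, mkstemp, symlink */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* foo's pattern: create a fixed name; an existing symlink is followed. */
static int open_naive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* O_CREAT|O_EXCL checks and creates in one atomic step; it fails with
 * EEXIST if the name already exists, even when it is a symbolic link. */
static int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Returns a bitmask: 1 = naive open wrote through the link,
 * 2 = exclusive open refused it, 4 = mkstemp made a private regular file. */
int symlink_demo(void) {
    char dir[] = "/tmp/symrace-XXXXXX";   /* constructed scratch directory */
    char target[64], lnk[64], tmpl[64];
    struct stat st;
    int fd, result = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/protected", dir);
    snprintf(lnk, sizeof lnk, "%s/foo", dir);
    snprintf(tmpl, sizeof tmpl, "%s/foo.XXXXXX", dir);
    if ((fd = open_exclusive(target)) < 0) return -1;  /* stand-in for /.rhosts */
    close(fd);
    if (symlink(target, lnk) != 0) return -1;  /* link exists before creation */
    if ((fd = open_naive(lnk)) >= 0) {         /* content lands in "protected" */
        if (write(fd, "+ +\n", 4) == 4 && stat(target, &st) == 0 && st.st_size == 4)
            result |= 1;
        close(fd);
    }
    if (open_exclusive(lnk) < 0 && errno == EEXIST) result |= 2;
    if ((fd = mkstemp(tmpl)) >= 0) {           /* unique name, exclusive create */
        if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && (st.st_mode & 077) == 0)
            result |= 4;
        close(fd);
        unlink(tmpl);
    }
    unlink(lnk); unlink(target); rmdir(dir);
    return result;
}

int main(void) { printf("mask=%d\n", symlink_demo()); return 0; }
```

A result of 7 means all three behaviours were observed: the naive open followed the link, the exclusive open refused it, and mkstemp produced a regular file with no group or other permissions.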


Wikimedia Foundation. 2010.
