[Pipet Devel] temp files

J.W. Bizzaro bizzaro at geoserve.net
Fri Mar 3 00:12:00 EST 2000


Brad Chapman wrote:
> 
> Okay, so we should stick our temp directory in a
> protected/non-accessible location. I think this should be defined in
> the config file.

I think the article is saying the user should have a $TMP_DIR environment
variable set that gives the location of a temp directory ACCESSIBLE ONLY TO THE
ONE USER.  But I can't find a $TMP_DIR variable on my system.  We could have
the user define one in their .*shrc file.  But heck, why not have...

    $USER_HOME/loci/temp/

???

That would limit temp directory access to the user alone.

The problem is crackers/script-kiddies often place evil things in temp
directories that can compromise system security.  This has actually been the
cause of many security changes in big apps like apache and sendmail.

> Okay, this is something I'm definitely not doing. The temp files
> describing a front end are very structured (purposely, to make it
> easier to read and debug and to make the representation of the
> workspace make sense). I don't think it would be that hard to start
> making them random names, we could just define a dictionary that maps
> random numbers to actual names:
> 
> save_file[234A58B67] = 'workspace1/workspace2/viewer3.xml'
> 
> or something like this. But I don't really understand the security
> argument here. Why should it matter to have random versus ordered
> names?

I think what happens is a script-kiddie catches on to the fact that an
application _always_ places a file with a set name in /tmp.  For example, if an
application has a file named...

    /tmp/temporary.file

a kiddie can put a symlink in its place...

    /tmp/temporary.file@

that will cause the application to save things to places even less secure.  A
randomly named temp file would prevent this.

(But, I'm not a security guru.)

> > Also make sure that the file doesn't exist before creating it,
> 
> Right now the way it creates directories and files, files will never
> be written over the top of each other.

I think this is for the exact same reason as above.  The program should check
for the existence of a symlink where a file is to be written.

> Do you think this article implies I should change things about the
> current storage to make it safer, or am I doing things right? I'm not
> positive about the random file stuff.

Well, I believe all the points the article makes are good.  But we can worry
about this stuff as Loci gets bigger and more widely used.

Cheers.
Jeff
-- 
                      +----------------------------------+
                      |           J.W. Bizzaro           |
                      |                                  |
                      | http://bioinformatics.org/~jeff/ |
                      |                                  |
                      |        BIOINFORMATICS.ORG        |
                      |           The Open Lab           |
                      |                                  |
                      |    http://bioinformatics.org/    |
                      +----------------------------------+
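The two points argued above (a planted symlink at a predictable /tmp name, and checking that nothing exists before writing) can be shown in a few lines. The following is an added example, not code from Loci or the Pipet project, and every name in it (private_temp_dir, predictable_write, exclusive_create, safe_create, demo) is hypothetical. It builds a constructed scenario in a throwaway directory: an attacker symlinks the fixed name "temporary.file" at a victim file, the naive writer follows the link and overwrites the victim, while an O_CREAT|O_EXCL|O_NOFOLLOW open refuses, and a randomly named file in a mode 0700 per-user directory (the $USER_HOME/loci/temp/ idea) sidesteps the guessing game entirely. Note that the "check it doesn't exist first" step is done atomically by O_EXCL rather than by a separate lstat(), because a check followed by a create can be raced between the two calls.

```python
import os
import secrets
import stat
import tempfile


def private_temp_dir(base):
    """Create or verify a per-user temp dir (e.g. $USER_HOME/loci/temp/).

    Mode 0700, must be a real directory owned by us and not writable by
    group/others. Hypothetical helper for this example.
    """
    os.makedirs(base, mode=0o700, exist_ok=True)
    st = os.lstat(base)  # lstat: do not follow a symlink planted here
    if stat.S_ISLNK(st.st_mode) or not stat.S_ISDIR(st.st_mode):
        raise RuntimeError(f"{base} is not a real directory")
    if st.st_uid != os.getuid():
        raise RuntimeError(f"{base} is not owned by the current user")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise RuntimeError(f"{base} is writable by group/others")
    return base


def predictable_write(path, data):
    """The unsafe pattern from the thread: a fixed name opened with plain
    open(), which follows whatever symlink was planted at that name."""
    with open(path, "w") as fh:
        fh.write(data)
    return path


# O_EXCL: fail if anything (file OR symlink) already exists at the path.
# O_NOFOLLOW: never follow a symlink in the final component (0 if the
# platform lacks it; O_EXCL alone already refuses an existing symlink).
_CREATE_FLAGS = (os.O_WRONLY | os.O_CREAT | os.O_EXCL
                 | getattr(os, "O_NOFOLLOW", 0))


def exclusive_create(path, data):
    """Fixed name, but the existence check and the create are one atomic
    open(2) call, so an attacker cannot slip a symlink in between."""
    fd = os.open(path, _CREATE_FLAGS, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def safe_create(tmp_dir, suffix, data):
    """Random, unguessable name inside the private dir plus O_EXCL.

    A collision (or a planted entry) just means: pick another name.
    """
    for _ in range(100):
        name = os.path.join(tmp_dir, secrets.token_hex(8) + suffix)
        try:
            fd = os.open(name, _CREATE_FLAGS, 0o600)
        except FileExistsError:
            continue
        with os.fdopen(fd, "w") as fh:
            fh.write(data)
        return name
    raise RuntimeError("could not create a unique temp file")


def demo():
    """Constructed scenario; returns what happened so it can be inspected."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        victim = os.path.join(root, "victim.txt")
        with open(victim, "w") as fh:
            fh.write("original\n")

        tmp_dir = private_temp_dir(os.path.join(root, "loci", "temp"))
        planted = os.path.join(tmp_dir, "temporary.file")
        os.symlink(victim, planted)  # the script-kiddie's symlink

        # 1. Naive writer follows the link and clobbers the victim.
        predictable_write(planted, "clobbered\n")
        with open(victim) as fh:
            results["victim_after_predictable"] = fh.read()

        # 2. O_EXCL create refuses because something is already there.
        try:
            exclusive_create(planted, "safe\n")
            results["exclusive_raised"] = None
        except FileExistsError as exc:
            results["exclusive_raised"] = type(exc).__name__
        with open(victim) as fh:
            results["victim_after_exclusive"] = fh.read()

        # 3. Random name: a regular 0600 file in our private directory.
        created = safe_create(tmp_dir, ".xml", "<workspace/>\n")
        st = os.lstat(created)
        results["random_in_private_dir"] = os.path.dirname(created) == tmp_dir
        results["random_is_regular_file"] = stat.S_ISREG(st.st_mode)
        results["random_mode"] = stat.S_IMODE(st.st_mode)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Python's own tempfile.mkstemp() does the same O_CREAT|O_EXCL dance with a random name and 0600 mode; safe_create is written out longhand here only to make the flags visible. The private directory check matters because O_EXCL protects the file, not the directory: a world-writable parent still lets someone else pre-create entries or plant links beneath it.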
