[hobbit] Temporary Files
mailinglists at websitemanagers.com.au
Mon Dec 19 14:34:18 CET 2005
On Mon, 2005-12-19 at 09:14 +0100, Henrik Stoerner wrote:
> On Mon, Dec 19, 2005 at 03:33:38PM +1100, Adam Goryachev wrote:
> > Just thought I might clarify tmp file handling for hobbit and hobbit
> > client specifically.
> > It would seem to me that tmp file handling is probably insecure...
> > -rw-r--r-- 1 hobbit hobbit 237 2005-12-19 14:41 hobbit_vmstat.12913
> > -rw-r--r-- 1 hobbit hobbit 14996 2005-12-19 14:41 msg.txt
> > ie, it is easy for an 'attacker' to create a file called msg.txt before
> > hobbit does (though it seems that file is kept there all the time, so it
> > would have to be created between system bootup and hobbit startup.
> Hobbit does create a tmp directory for itself. Unless you've changed the
> configuration, all temporary files are kept in the directory pointed to
> by the BBTMP setting in hobbitclient.cfg; by default that is
Well, I simply installed the 1.2p1 version from the deb file on
sourceforge... I didn't customise/change anything at all. Perhaps this
is different in the deb package version ??
> You're right that the statically named "msg.txt" file could be a
> problem. In the current snapshot I've changed the client script to
> always generate the message using a temporary filename ("msg.txt.$$"
> which uses the PID of the client process - it changes from time to time).
> The hobbitclient.sh script now does
> rm -f $TEMPFILE
> touch $TEMPFILE
> ... more commands to build and send the client message ...
> rm -f $BBTMP/msg.txt
> mv $TEMPFILE $BBTMP/msg.txt
If using a private tmp directory, then I don't really see this as a
problem.. however, how about something like:
if [ -x /bin/mktemp ]
else if [ -s /usr/bin/mktemp ]
if [ ! -z MKTEMP ]
rm -f $TEMPFILE
that way on hosts that have a mktemp in some 'standard' location, then
it will default to being 'more' secure....
> The reason why I save the latest message in msg.txt is for debugging
> only. The ideal thing would be to use the "mktemp" command, but that
> is not available on all systems where the client may run.
> This has been in the snapshots since November.
I suppose also, a simple if [ -e $TEMPFILE ] could check to see if the
file exists, and then just immediately send some red alert to hobbit
server with a reason.... "Possible symlink attack, file xyz already
Anyway, for me, it isn't a big concern, just noticed it, and thought I'd
ask about it....
More information about the Xymon