[hobbit] Temporary Files
Henrik Stoerner
henrik at hswn.dk
Mon Dec 19 09:14:43 CET 2005
On Mon, Dec 19, 2005 at 03:33:38PM +1100, Adam Goryachev wrote:
> Just thought I might clarify tmp file handling for hobbit and hobbit
> client specifically.
>
> It would seem to me that tmp file handling is probably insecure...
> -rw-r--r-- 1 hobbit hobbit 237 2005-12-19 14:41 hobbit_vmstat.12913
> -rw-r--r-- 1 hobbit hobbit 14996 2005-12-19 14:41 msg.txt
>
> i.e., it is easy for an 'attacker' to create a file called msg.txt before
> hobbit does (though it seems that file is kept there all the time, so it
> would have to be created between system bootup and hobbit startup).
>
> The vmstat file would be easier to do, since it is removed each time
> after use.
>
> Just thought it would be nice to use a tmp dir specifically for hobbit,
> such as /tmp/hobbit or /usr/lib/hobbit/client/tmp etc .....

Hobbit does create a tmp directory for itself. Unless you've changed the
configuration, all temporary files are kept in the directory pointed to
by the BBTMP setting in hobbitclient.cfg; by default that is
~hobbit/client/tmp/

The server uses the BBTMP setting from hobbitserver.cfg, which defaults
to ~hobbit/server/tmp/

You're right that the statically named "msg.txt" file could be a
problem. In the current snapshot I've changed the client script to
always generate the message using a temporary filename ("msg.txt.$$"
which uses the PID of the client process - it changes from time to time).

The hobbitclient.sh script now does

    TEMPFILE="$BBTMP/msg.txt.$$"
    rm -f $TEMPFILE
    touch $TEMPFILE
    ... more commands to build and send the client message ...
    rm -f $BBTMP/msg.txt
    mv $TEMPFILE $BBTMP/msg.txt

The reason why I save the latest message in msg.txt is for debugging
only. The ideal thing would be to use the "mktemp" command, but that
is not available on all systems where the client may run.

This has been in the snapshots since November.

Regards,
Henrik
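
Added example (not part of the original post and not code from hobbitclient.sh): one portable way to get mktemp-like behaviour on systems where the command may be missing, by building the message inside a private directory created with an atomic mkdir and then renaming it into place. BBTMP and msg.txt are the names from the thread; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; BBTMP/msg.txt are from
# the thread.

# Fallback for systems without mktemp: mkdir(2) is atomic and fails if the
# name already exists as anything, including a symlink, so a pre-planted
# entry is skipped rather than followed or reused.
tempdir_fallback() {
    dir=$1; prefix=$2; n=0
    while [ "$n" -lt 20 ]; do
        candidate="$dir/$prefix.$$.$n"
        if (umask 077; mkdir "$candidate") 2>/dev/null; then
            printf '%s\n' "$candidate"
            return 0
        fi
        n=$((n + 1))
    done
    return 1
}

# Prefer mktemp -d (random name, mode 0700); fall back when it is missing.
safe_tempdir() {
    if command -v mktemp >/dev/null 2>&1; then
        mktemp -d "$1/$2.XXXXXX"
    else
        tempdir_fallback "$1" "$2"
    fi
}

# Build the message in the private directory, then publish it with mv.
# On one filesystem mv is a rename: readers never see a partial msg.txt,
# and a symlink to a file planted at that name is replaced, not written
# through.
write_client_message() {
    bbtmp=$1; body=$2
    work=$(safe_tempdir "$bbtmp" msg) || return 1
    printf '%s\n' "$body" > "$work/msg.txt" || { rm -rf "$work"; return 1; }
    mv -f "$work/msg.txt" "$bbtmp/msg.txt"
    status=$?
    rm -rf "$work"
    return "$status"
}
```

The private directory matters most when BBTMP has been pointed at a shared location such as /tmp; inside a directory only the hobbit user can write to, nobody else can plant the name in the first place.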