473,685 Members | 2,719 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Question on os.tempnam() vulnerability

Hello,

Does any one know what kind of security risk these message are
suggesting?
>>f = os.tempnam()
__main__:1: RuntimeWarning: tempnam is a potential security risk to
your program
>>f
'/tmp/filed4cJNX'
>>g = os.tmpnam()
__main__:1: RuntimeWarning: tmpnam is a potential security risk to
your program
>>g
'/tmp/fileENAuNw'

Thanks,
~cw
Jan 4 '08 #1
9 3818
ca***********@g mail.com wrote:
Does any one know what kind of security risk these message are
suggesting?
>>>f = os.tempnam()
__main__:1: RuntimeWarning: tempnam is a potential security risk to
your program
>>>f
'/tmp/filed4cJNX'
>>>g = os.tmpnam()
__main__:1: RuntimeWarning: tmpnam is a potential security risk to
your program
>>>g
'/tmp/fileENAuNw'
you get a name instead of a file, so someone else can create that file
after you've called tempnam/tmpnam, but before you've actually gotten
around to create the file yourself. which means that anyone on the
machine might be able to mess with your application's data.

use the functions marked as "safe" in the tempfile module instead.

</F>

Jan 4 '08 #2
On 2008-01-04, Fredrik Lundh <fr*****@python ware.comwrote:
you get a name instead of a file, so someone else can create that file
after you've called tempnam/tmpnam, but before you've actually gotten
around to create the file yourself. which means that anyone on the
machine might be able to mess with your application's data.

use the functions marked as "safe" in the tempfile module instead.
Under Windows, is there a "safe" way to create a temp file that
has a name that can be passed to a program which will then open
it? I never figured out a way to do that and had to fall back
on the "unsafe" tmpnam method.

--
Grant Edwards grante Yow! I have seen these EGG
at EXTENDERS in my Supermarket
visi.com ... I have read the
INSTRUCTIONS ...
Jan 4 '08 #3
On Jan 4, 12:09 pm, Fredrik Lundh <fred...@python ware.comwrote:
cameronwon...@g mail.com wrote:
Does any one know what kind of security risk these message are
suggesting?
>>f = os.tempnam()
__main__:1: RuntimeWarning: tempnam is a potential security risk to
your program
>>f
'/tmp/filed4cJNX'
>>g = os.tmpnam()
__main__:1: RuntimeWarning: tmpnam is a potential security risk to
your program
>>g
'/tmp/fileENAuNw'

you get a name instead of a file, so someone else can create that file
after you've called tempnam/tmpnam, but before you've actually gotten
around to create the file yourself. which means that anyone on the
machine might be able to mess with your application's data.

use the functions marked as "safe" in the tempfile module instead.

</F>
Thanks Fredrik, for the clear explanation!!!

~cw
Jan 5 '08 #4
Grant Edwards pisze:
>you get a name instead of a file, so someone else can create that file
after you've called tempnam/tmpnam, but before you've actually gotten
around to create the file yourself. which means that anyone on the
machine might be able to mess with your application's data.

use the functions marked as "safe" in the tempfile module instead.

Under Windows, is there a "safe" way to create a temp file that
has a name that can be passed to a program which will then open
it? I never figured out a way to do that and had to fall back
on the "unsafe" tmpnam method.
I think it's all impossible to get only file name and feel safe. You
have to have both file name and a file object opened exclusively for
you. Any other way you'll get a possible race condition.

--
Jarek Zgoda
http://zgodowie.org/
Jan 5 '08 #5
On 2008-01-05, Jarek Zgoda <jz****@o2.usun .plwrote:
>Under Windows, is there a "safe" way to create a temp file
that has a name that can be passed to a program which will
then open it? I never figured out a way to do that and had to
fall back on the "unsafe" tmpnam method.

I think it's all impossible to get only file name and feel
safe. You have to have both file name and a file object opened
exclusively for you. Any other way you'll get a possible race
condition.
I know. That's the point of my question: how do you do that
under Windows?

--
Grant Edwards grante Yow! HAIR TONICS, please!!
at
visi.com
Jan 5 '08 #6
I know. That's the point of my question: how do you do that
under Windows?
When you create a new process, you have the option to inherit
file handles to the new process. So the parent should open the
file, and then inherit the handle to the new process.

The new process will need to know what the file handle it should
use. There are two basic options:
a) pass the file handle number as a string on the command line
b) make the handle either stdin or stdout of the new process,
and have the new process ask for its stdin/stdout handle.

IOW, it's the same approach as on Unix.

Regards,
Martin
Jan 5 '08 #7
On 2008-01-05, Martin v. Löwis <ma****@v.loewi s.dewrote:
>I know. That's the point of my question: how do you do that
under Windows?

When you create a new process, you have the option to inherit
file handles to the new process. So the parent should open the
file, and then inherit the handle to the new process.
That's an answer, though not for the question I asked. The
program that's being run requires a that it be passed a
filename on the command-line.

I'm not writing the program that is to open the file. If I
were, I'd just make it a python module and call it instead of
running it in a separate process.
IOW, it's the same approach as on Unix.
Not really. Under Unix you can safely create a temp file with
a name that can be used to open the file. I asked about a way
to do that under Windows as well.

--
Grant Edwards grante Yow! ... I live in a
at FUR-LINE FALLOUT SHELTER
visi.com
Jan 5 '08 #8
That's an answer, though not for the question I asked.

I think you'll have to pose a complete question again,
rather than "how do I do that", if you want to get an
answer to your question.
Not really. Under Unix you can safely create a temp file with
a name that can be used to open the file. I asked about a way
to do that under Windows as well.
Assuming you are still talking about

" is there a "safe" way to create a temp file that
has a name that can be passed to a program which will then open
it?"

then also on Unix, the answer is: no, that's not possible.
I assume you are asking about a scenario such as:
a) the parent process creates a file
b) the parent process closes its handle to the file
c) the parent process creates a child process passing
the file name
d) the child process opens the file, and is certain that it
is still the same file

then this sequence cannot be implemented on Unix, either - another
process may remove the file and create a new one between b and d.

Regards,
Martin
Jan 5 '08 #9
Grant Edwards wrote:
>IOW, it's the same approach as on Unix.

Not really. Under Unix you can safely create a temp file with
a name that can be used to open the file.
Unless I'm missing something, it's not possible to do this in a safe
way in the shared temp directory; you can do that only by creating a
file in a directory that's under full control of your user.

And *that* approach works on Windows as well, of course.

</F>

Jan 5 '08 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

16
2360
by: Tim Tyler | last post by:
Today's: "Directory Traversal Vulnerability": - http://secunia.com/advisories/10955/ More evidence tht PHP was hacked together rapidly without a great deal of thought being given to security. -- __________ |im |yler http://timtyler.org/ tim@tt1lock.org Remove lock to reply.
8
2643
by: lian | last post by:
Hi all, I have installed a web-based software written in php which needs that i should turn "register_globals" from off to on in the php.ini. There are some comments for register_globals in php.ini saying: "You should do your best to write your scripts so that they do not require register_globals to be on; Using form variables as globals can easily lead to possible security problems, if the code is not very well thought of."
3
1425
by: pythos | last post by:
Newbie at python (but not programming) here... I have a program that has "import os" at the top, and then later a call to utime() is made. The python interpreter says "name 'utime' is not defined". But if I change "utime(...)" to "os.utime(...)" then it works fine. Perhaps I am expecting the "import os" statement to work the same way as "import <package_name>.*" does in Java. So is it the case that if I write "import os" in python,...
1
2213
by: Norman Diamond | last post by:
Page http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vclib/html/_crt_sscanf.2c_.swscanf.asp says: > Security Note When reading a string with sscanf, always specify a width > for the %s format (for example, "32%s" instead of "%s"); otherwise, > improperly formatted input can easily cause a buffer overrun. If a programmer obeys MSDN and specifies a format like "32%s" then improperly formatted input can easily cause a...
12
1729
by: Greg Hurlman | last post by:
http://sourceforge.net/mailarchive/forum.php?thread_id=5671607&forum_id=24754 This is, IMNSHO, the worst thing I've ever heard of. Spread the word, test your sites, and send angry emails to Microsoft. --- Greg Hurlman ghurlman*AT*squaretwo*DOT*net http://blogs.squaretwo.net
7
1790
by: Nak | last post by:
Hi there, Im currently developing a web site using PHP. Unfortunately due to limitations with my web server I am having to use XML as a method of data persitance, this doesn't really bother me as I prefer XML anyway. I'm not using ASP.NET for design reasons at the moment. At the moment I am fighting a design battle in relation to file writing and various locking methods which all appear to be very unreliable. That's why I am...
10
2975
by: broeisi | last post by:
What advantages does sscanf offer over scanf? I had the following code: #include <stdio.h> #include <string.h> int main(void) { int start, finish, values;
5
3218
by: Norm | last post by:
Does anyone have any suggestions for securing against this vulnerability: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1027 Fixes are not yet available from IBM. They will be in FP2 for V9 and FP15 for V8. Would changing the permissions on the db2dump directory so that only instance owner has access be enough?
1
5451
by: Cat | last post by:
Hi. Would you recommend a ASP (IIS) web server vulnerability scanner? If I install the all the updates from Microsoft, then I don't need vulnerability scanners? I was on a chat, I installed all the updates, but the other guy said he found some vulnerability from my web server and he could attack it. I think that guy used some tool to check vulnerabilities. I treid to find a scanner myself, but I don't know which is the best. Thank you.
0
8507
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
9046
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
7589
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
1
6431
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
5792
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
4523
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
2938
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
2198
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
3
1927
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.