Topic: unique_path is an exploit waiting to happen


Author: magfr@lysator.liu.se
Date: Sat, 6 Jul 2013 23:02:49 -0700 (PDT)

In the filesystem specification draft N3693 there is a function,
unique_path, that seems to be modeled on the obsolescent tempnam[1] function.

tempnam is widely recognized as problematic since it leaves an attack
window from the check that the file name is missing to the actual creation
of the file.

This problem also seems to be foreshadowed by 2.1§§4-5

I thus suggest that unique_path (15.38) is removed from the proposal.

One could imagine a function modeled after mkstemp[2] but it would be nice
if that function allowed the use of alternative file creation functions to
allow opening e.g. temporary unix domain sockets, and it is also an open
question if it belongs in the file system module.

[1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/tempnam.html
[2] http://pubs.opengroup.org/onlinepubs/9699919799/functions/mkstemp.html

-- 

--- 
You received this message because you are subscribed to the Google Groups "ISO C++ Standard - Future Proposals" group.
To unsubscribe from this group and stop receiving emails from it, send an email to std-proposals+unsubscribe@isocpp.org.
To post to this group, send email to std-proposals@isocpp.org.
Visit this group at http://groups.google.com/a/isocpp.org/group/std-proposals/.
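An added illustration of the mkstemp-style alternative the post sketches (example code written for this page, not from the post or from N3693): a helper that draws a random name and hands it to a caller-supplied creation primitive which must be atomic, here open() with O_CREAT|O_EXCL; a unix-domain-socket primitive built on bind() could be dropped in the same way. The create_fn interface, the create_unique and demo_unique_create names and the /tmp prefix are assumptions.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Creation primitive supplied by the caller (hypothetical interface, not from N3693):
 * it must create `path` atomically and fail with EEXIST if the name is taken. */
typedef int (*create_fn)(const char *path);

/* Regular-file primitive: O_CREAT|O_EXCL makes "check" and "create" one step. */
static int create_regular(const char *p) { return open(p, O_RDWR|O_CREAT|O_EXCL, 0600); }

/* mkstemp-style helper: draw a random name under `dir`, then let `create` claim it.
 * EEXIST just means "draw again"; because there is no separate existence check,
 * a racing process gets no window in which to plant a file under that name.
 * Returns the fd (path left in `out`) or -1 with errno set. */
static int create_unique(const char *dir, const char *prefix, create_fn create,
                         char *out, size_t outlen)
{
    unsigned char rnd[8];
    char suffix[2 * sizeof rnd + 1];
    for (int attempt = 0; attempt < 100; attempt++) {
        int ur = open("/dev/urandom", O_RDONLY);        /* unpredictable names */
        ssize_t got = ur < 0 ? -1 : read(ur, rnd, sizeof rnd);
        if (ur >= 0) close(ur);
        if (got != (ssize_t)sizeof rnd) return -1;
        for (size_t i = 0; i < sizeof rnd; i++)
            snprintf(suffix + 2 * i, 3, "%02x", rnd[i]);
        if (snprintf(out, outlen, "%s/%s%s", dir, prefix, suffix) >= (int)outlen) { errno = ENAMETOOLONG; return -1; }
        int fd = create(out);
        if (fd >= 0) return fd;            /* ours: O_EXCL guarantees we created it */
        if (errno != EEXIST) return -1;    /* genuine failure, not a name collision */
    }
    errno = EEXIST;
    return -1;
}

/* Shows the property that closes the tempnam-style window: a second atomic create
 * of the same name is refused with EEXIST. Returns 1 on success, 0 otherwise. */
int demo_unique_create(void)
{
    char path[256];
    int fd = create_unique("/tmp", "n3693-", create_regular, path, sizeof path);
    if (fd < 0) return 0;
    int again = create_regular(path);                   /* same name: must fail */
    int ok = (again < 0 && errno == EEXIST);
    close(fd); unlink(path);
    return ok;
}
```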


