From owner-freebsd-audit  Sun Jan 16 18:11:45 2000
Delivered-To: freebsd-audit@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
	id 95237151D2; Sun, 16 Jan 2000 18:11:43 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
	by hub.freebsd.org (Postfix) with ESMTP id 84E441CD5C9
	for <audit@freebsd.org>; Sun, 16 Jan 2000 18:11:43 -0800 (PST)
	(envelope-from kris@hub.freebsd.org)
Date: Sun, 16 Jan 2000 18:11:43 -0800 (PST)
From: Kris Kennaway <kris@hub.freebsd.org>
To: audit@freebsd.org
Subject: libc patch to warn about tempfiles
Message-ID: <Pine.BSF.4.21.0001161808160.32821-100000@hub.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Here's a patch to libc which complains when an application tries to use
mktemp()/mkstemp()/... with fewer than 10 X's (using 6 is common, but
unfortunately insecure since the PID is either known or easily guessable,
leaving only 52 different results). This may be useful for tracking down
insecure ports, as well as things in the base tree which have yet to be
fixed.

Kris

Index: mktemp.c
===================================================================
RCS file: /home/ncvs/src/lib/libc/stdio/mktemp.c,v
retrieving revision 1.18
diff -u -r1.18 mktemp.c
--- mktemp.c	2000/01/12 09:23:41	1.18
+++ mktemp.c	2000/01/17 02:08:00
@@ -42,6 +42,7 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
+#include <err.h>
 #include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -105,6 +106,7 @@
 	register char *start, *trv, *suffp;
 	struct stat sbuf;
 	int pid, rval;
+	int count = 0;
 
 	if (doopen && domkdir) {
 		errno = EINVAL;
@@ -124,6 +126,7 @@
 	while (*trv == 'X' && pid != 0) {
 		*trv-- = (pid % 10) + '0';
 		pid /= 10;
+		count++;
 	}
 	while (*trv == 'X') {
 		char c;
@@ -133,8 +136,11 @@
 			c = pid + 'A';
 		else
 			c = (pid - 26) + 'a';
+		count++;
 		*trv-- = c;
 	}
+	if (count<10)
+	  warnx("WARNING: Temporary file created using %d X's", count);
 	start = trv + 1;
 
 	/*

----
"How many roads must a man walk down, before you call him a man?"
"Eight!"
"That was a rhetorical question!"
"Oh..then, seven!" -- Homer Simpson



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message