Many coders do not think that creating temporary files in a secure way is important, especially in shell scripts. It’s just a temporary file, they might say. But a simple symbolic link exploit could make the whole system unusable.
Let’s take a look at how this exploit works. Most often temporary files are created as follows within shell scripts.
|
1 |
command /path/to/file > /tmp/tempfile |
An attacker, who knows the name of the temporary file, could just create a symbolic link of that file to a system file. For example, create a symbolic link /tmp/tempfile that points to /bin/bash.
|
1 2 |
# ls -l /tmp lrwxrwxrwx 1 ibrahim users 6 Jan 22 22:55 tempfile -> /bin/bash |
Now, if the script is run again (assuming with root privileges), the /bin/bash shell will get overwritten, making the system unusable.
Mohamed Ibrahim
ibrahim = { interested_in(unix, linux, android, open_source, reverse_engineering); coding(c, shell, php, python, java, javascript, nodejs, react); plays_on(xbox, ps4); linux_desktop_user(true); }
