Received: with LISTAR (v1.0.0; list gopher);
 Thu, 18 Jan 2001 18:36:31 -0600 (CST)
Return-Path: <opop@erols.com>
Delivered-To: gopher@complete.org
Received: from gtei2.bellatlantic.net (gtei2.bellatlantic.net [199.45.40.146])
	by pi.glockenspiel.complete.org (Postfix) with ESMTP id 616F63B802
	for <gopher@complete.org>; Thu, 18 Jan 2001 18:36:29 -0600 (CST)
Received: from mothra (adsl-141-152-12-101.bellatlantic.net [141.152.12.101])
	by gtei2.bellatlantic.net (8.9.1/8.9.1) with ESMTP id TAA21901
	for <gopher@complete.org>; Thu, 18 Jan 2001 19:36:12 -0500 (EST)
Received: from x by mothra with local (Exim 3.20 #1 (Debian))
	id 14JPSC-0002Oq-00
	for <gopher@complete.org>; Thu, 18 Jan 2001 19:30:56 -0500
Date: Thu, 18 Jan 2001 19:30:56 -0500
From: David Allen <s2mdalle@titan.vcu.edu>
To: gopher@complete.org
Subject: [gopher] Re: Security problems in gopherd (Was Security alert)
Message-ID: <20010118193056.A8805@mothra>
References: <20010117181031.A16810@mothra> <87ely1jsh6.fsf@complete.org>
Mime-Version: 1.0
Content-type: text/plain; charset=us-ascii
User-Agent: Mutt/1.0.1i
In-Reply-To: <87ely1jsh6.fsf@complete.org>;
 from jgoerzen@complete.org on Thu, Jan 18, 2001 at 01:15:49AM -0500
Content-Transfer-Encoding: 8bit
X-archive-position: 125
X-listar-version: Listar v1.0.0
Sender: gopher-bounce@complete.org
Errors-to: gopher-bounce@complete.org
X-original-sender: s2mdalle@titan.vcu.edu
Precedence: bulk
Reply-to: gopher@complete.org
List-help: <mailto:listar@complete.org?Subject=help>
List-unsubscribe: <mailto:gopher-request@complete.org?Subject=unsubscribe>
List-software: Listar version 1.0.0
X-List-ID: Gopher <gopher.complete.org>
List-subscribe: <mailto:gopher-request@complete.org?Subject=subscribe>
List-owner: <mailto:jgoerzen@complete.org>
List-post: <mailto:gopher@complete.org>
List-archive: <http://www.complete.org/mailinglists/archives/>
X-list: gopher


On Thu, Jan 18, 2001 at 01:15:49AM -0500, John Goerzen wrote:
> 
> One option would be to create a directory in /tmp, mode 0700, and put
> all files in it.  This would allow the more-portable tempnam() to
> continue to be used.  In the course of auditing sprintf()s, I did come
> across one or two open() calls for /tmp files and added O_EXCL to the
> list as a temporary measure...
> 
> -- John

I just added the mktmpdir() function in serverutil.c to create this
directory.  Take a look at it and tell me if I'm missing anything
(since I'm not up on security as much as I should be)

If everything is kosher, I'll change those tmpnam calls to use this
directory.  Is there a clean way to do this other than adding another
entry to globals.h?  (I really hate globals like ASKfile and Gticket
where it's hard to figure out what the scope of the damage is going to
be if you change a call where they are involved)

-- 
David Allen
http://opop.nols.com/