From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 29359 invoked by alias); 8 Jan 2015 06:22:26 -0000 Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm Precedence: bulk X-No-Archive: yes List-Id: Zsh Workers List List-Post: List-Help: X-Seq: 34165 Received: (qmail 10122 invoked from network); 8 Jan 2015 06:22:24 -0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on f.primenet.com.au X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.2 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type; bh=fWZIRia6zcrR4yAz7zt7afBht0v77P8G1XlvRWGOejc=; b=aZqzAloG/6jlJ+3FMpE9u/ccoONEklo9Z7WfOpqGTzu+3i+FuDutlidXj+tzYZcFWJ K/G1mi2qNGrFNnixj0JpE2g1Fm+iF0Y5GZilGYFEVkQvI2Eedshdw2wxMAgsnpThiQkg G7Lty9Csr16i9Ty9E/gqfeKq5sJkmw8ha5bEc7faEosdmUk1LPtPwlp+OAuTvzFmke7M lAyl1QJjAyWQRu/CLEYt1QUEn67Q27pYtQSAo7OHarHoxVLM3PVJp6uYFSDSRIO5alMW r3u7KiMLC2/qn9gno6/FNij9c9htCpWnD3QnoYHXSMkS8bfGaDpFdCi1xYI2Can4Jkgg 6Z5Q== X-Gm-Message-State: ALoCoQm7XBvpahe5/gN4LGzASL9ZbsVgu4Y3y87ZIqBwmAqbR8zyvI6Sh+1Zth/VdzvRIlV/bEZb MIME-Version: 1.0 X-Received: by 10.194.86.135 with SMTP id p7mr15229284wjz.89.1420698140280; Wed, 07 Jan 2015 22:22:20 -0800 (PST) In-Reply-To: <20150107220345.GE1714@tarsus.local2> References: <20141222203624.GA24855@tarsus.local2> <141227223029.ZM15959@torch.brasslantern.com> <141227234421.ZM16038@torch.brasslantern.com> <141228004101.ZM28486@torch.brasslantern.com> <20141229004957.GA1737@tarsus.local2> <141228200142.ZM22840@torch.brasslantern.com> <20150107220345.GE1714@tarsus.local2> Date: Wed, 7 Jan 2015 22:22:20 -0800 Message-ID: Subject: Re: [PATCH] Re: Insecure tempfile creation From: Bart Schaefer To: Zsh hackers list Content-Type: text/plain; charset=UTF-8 On Wed, Jan 7, 2015 at 2:03 PM, Daniel Shahaf wrote: > Coming back to this, it has occurred to me that > > mv -f =(:) ${TMPPREFIX:-/tmp/zsh}foo$$ > > wouldn't perform an atomic rename (as intended) if /tmp/zshfoo$$ is a > directory or symlink-to-directory. So hypothetically an attacker might > be able to create a file named `basename =(:)` in a directory of his > choice owned by the victim. Hmm. Yup, we need "ln -Fh" instead of "mv -f". Are the -F and -h options of "ln" fairly standard?