[jira] [Created] (DAEMON-331) Creating and using temporary files

["Jochen Wiedmann (JIRA)" <ji...@apache.org>]

Jochen Wiedmann created DAEMON-331:
--------------------------------------

             Summary: Creating and using temporary files
                 Key: DAEMON-331
                 URL: https://issues.apache.org/jira/browse/DAEMON-331
             Project: Commons Daemon
          Issue Type: Improvement
          Components: Jsvc
    Affects Versions: 1.0.15
         Environment: Linux/Unix
            Reporter: Jochen Wiedmann
             Fix For: 1.0.16


It came to our attention, that "jsvc" creates temporary files, naned like "/tmp/${PID}.jsvc_up" as a means of communication between a forked client process and the parent process.

These file names are clearly predictable, and one might get the impression, that this could be abused as part of an attack. However, evaluation has demonstrated, that the content of these files is never read. Therefore, even if an attacker created these files in advance with maliciious content, it wouldn't really affect the execution of "jsvc", apart from a prematurely ending parent process, perhaps with the wrong exit code.


Nevertheless, this behaviour should change;

1.) In either case, the file name must be built in advance in the parent process, and before forking the child. In other words: Parent and child must share the same name.
2.) If possible, for example on Linux, we suggest to use mktemp(3) to create the file name with a pattern like "${TMP}/jsvc_up.XXXXXX"
3.) On other operating systems, we suggest something like
     "${TMP}//jsvc_up.${RANDOM}".

Also note, that the directory "/tmp" is not ncessarily a good location for such temporary files, because it is writable for everyone. A user of Commons Daemon might wish to create a special directory or such files with restricted write permissions. In such case, the Commons Daemon user should be able to consigure the location of "$[TMP}".





--
This message was sent by Atlassian JIRA
(v6.3.4#6332)