Date: Sun, 23 Feb 2014 08:12:21 +1100
From: Michael Samuel <>
Subject: Re: Fwd: temporary file creation vulnerability in Redis


On 23 February 2014 07:35, Matthew Hall <> wrote:

>     snprintf(tmpfile,256,"temp-%d.rdb", (int) getpid());
>     fp = fopen(tmpfile,"w");
> ...
>     if (rename(tmpfile,filename) == -1) {

This looks like the standard pattern for atomic file writing.  The temp file
would probably be in the same directory as the data file, since cross-device
doesn't work.

This class of vulnerability relies on the fact that other users have write
access to the directory that the tempfile is written to.
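
The write-then-rename pattern discussed in this thread, as an added example that is not code from Redis or from either poster: the temporary file is created with mkstemp() (exclusive create, unpredictable name) in the same directory as the target, and the directory's permissions are checked first. The function names, the `temp-XXXXXX` template and the `example.rdb` file name are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if group/other may create or replace entries in dir, 0 if not, -1 on error. */
int dir_writable_by_others(const char *dir) {
    struct stat st;
    if (stat(dir, &st) == -1 || !S_ISDIR(st.st_mode)) return -1;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) ? 1 : 0;
}

/* Write buf to dir/name atomically: temp file in the same directory, then rename(). */
int atomic_write(const char *dir, const char *name, const void *buf, size_t len) {
    char tmp[4096], dst[4096];
    const char *p = buf;
    int fd;
    if (snprintf(tmp, sizeof tmp, "%s/temp-XXXXXX", dir) >= (int)sizeof tmp) return -1;
    if (snprintf(dst, sizeof dst, "%s/%s", dir, name) >= (int)sizeof dst) return -1;
    fd = mkstemp(tmp);  /* O_CREAT|O_EXCL with a random suffix: never opens a pre-planted file or symlink */
    if (fd == -1) return -1;
    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n == -1) { if (errno == EINTR) continue; goto fail; }
        p += n;
        len -= (size_t)n;
    }
    if (fsync(fd) == -1) goto fail;          /* data on disk before it becomes visible */
    if (close(fd) == -1) { fd = -1; goto fail; }
    fd = -1;
    if (rename(tmp, dst) == -1) goto fail;   /* atomic only within one filesystem */
    return 0;
fail:
    if (fd != -1) close(fd);
    unlink(tmp);                             /* do not leave a partial temp file behind */
    return -1;
}

int main(int argc, char **argv) {
    const char *dir = argc > 1 ? argv[1] : ".";
    const char *msg = "constructed sample\n";   /* constructed payload */
    if (dir_writable_by_others(dir) != 0) {
        fprintf(stderr, "refusing: %s is missing or writable by other users\n", dir);
        return 1;
    }
    return atomic_write(dir, "example.rdb", msg, strlen(msg)) == 0 ? 0 : 1;
}
```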

