Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 23 Feb 2014 08:12:21 +1100
From: Michael Samuel <>
Subject: Re: Fwd: temporary file creation vulnerability in Redis


On 23 February 2014 07:35, Matthew Hall <> wrote:

>    641      snprintf(tmpfile,256,"temp-%d.rdb", (int) getpid());
>    642      fp =3D fopen(tmpfile,"w");
> ...
>    699      if (rename(tmpfile,filename) =3D=3D -1) {
This looks like the standard pattern for atomic file writing.  The temp
file would
probably be in the same directory as the data file, since cross-device
doesn't work.

This class of vulnerability relies on the fact that other users have write
to the directory that the tempfile is written to.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.