/*====================================================================
* Description: Copy of the demo code about creating a secure temporary file,
* to get some idea of what secure code looks like.
* DATE: 2014/05/05
* Modify:
* Conclusion:
===================================================================*/
/* includes */
#include <assert.h>
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <pthread.h>
#include <sys/stat.h>
#include <sys/shm.h>
#include <sys/types.h>
#include <fcntl.h>
/* Macros */
/* Hand-rolled boolean constants. They carry the same names that
 * <stdbool.h> would provide (that header is not included here), and
 * nothing in this file actually uses them. */
#define false 0
#define true 1
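/* Read exactly sizeof *out bytes from /dev/random into *out.
 * The device is opened and closed on every call, so no descriptor is
 * cached in a static (which would not be thread-safe and would never be
 * closed). Short reads and EINTR are retried until the value is full.
 * Returns 0 on success, -1 on failure (errno left as set by open/read). */
static int read_random_uint(unsigned int *out)
{
    int rfd = open("/dev/random", O_RDONLY);
    if (rfd == -1)
        return -1;

    unsigned char *dst = (unsigned char *)out;
    size_t have = 0;
    int rc = 0;
    while (have < sizeof *out) {
        ssize_t got = read(rfd, dst + have, sizeof *out - have);
        if (got < 0) {
            if (errno == EINTR)
                continue;
            rc = -1;
            break;
        }
        if (got == 0) {
            /* EOF from a random device is unexpected; do not hand back a
             * partially filled value. */
            rc = -1;
            break;
        }
        have += (size_t)got;
    }
    /* close() may clobber errno; keep the one from the failing call. */
    int saved = errno;
    close(rfd);
    errno = saved;
    return rc;
}

/* Decide whether an already-open descriptor refers to a plain file that
 * only the effective user of this process can read or write.
 * fstat() on the descriptor inspects the object we actually opened; an
 * lstat() on the path would look at whatever the path names at that later
 * moment, which an attacker with write access to /tmp could swap.
 * Returns 1 when every check passes, 0 otherwise. */
static int fd_is_private_regular(int fd)
{
    struct stat st;
    if (fstat(fd, &st) == -1)
        return 0;
    /* Not a regular file: someone has tried to trick us. */
    if (!S_ISREG(st.st_mode))
        return 0;
    /* If we do not own the file, someone else might remove, read or
     * change it while we are looking at it. */
    if (st.st_uid != geteuid() || st.st_gid != getegid())
        return 0;
    /* Compare only the permission and set-id bits. st_mode also carries
     * the file-type bits (S_IFREG), so a test of the form
     * (st_mode & ~(S_IRUSR | S_IWUSR)) != 0 is true for every regular
     * file and would reject the file we just created. */
    mode_t perm = st.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO | S_ISUID | S_ISGID);
    return perm == (S_IRUSR | S_IWUSR);
}

/* Returns the file descriptor for a newly created temporary file.
 * The temporary file will be readable and writable by the effective
 * user ID of the current process but will not be readable or
 * writable by anybody else. The file stays on disk under /tmp; the
 * caller owns the descriptor and must close() it.
 * Returns -1 if the temporary file could not be created or did not pass
 * the ownership/permission checks (no descriptor is leaked in that case). */
int secure_temp_file(void)
{
    /* Assumes /dev/random really is a source of random bits, not a file
     * full of zeros placed there by an attacker. */
    unsigned int rnd;
    if (read_random_uint(&rnd) == -1)
        return -1;

    /* "/tmp/" plus at most 10 decimal digits fits comfortably; the length
     * check keeps this safe even if unsigned int were wider. */
    char filename[128];
    int len = snprintf(filename, sizeof filename, "/tmp/%u", rnd);
    if (len < 0 || (size_t)len >= sizeof filename)
        return -1;

    /* O_EXCL makes the create fail if the name already exists (it is not
     * reliable on NFS). Mode 0600 so nobody else can read or write. */
    int fd = open(filename, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
    if (fd == -1)
        return -1;

    if (!fd_is_private_regular(fd)) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}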
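/* Demo entry point: create one secure temporary file and report whether
 * that worked. argc and argv are unused.
 * Returns EXIT_SUCCESS when a descriptor was obtained (it is closed again
 * before returning so nothing is leaked), EXIT_FAILURE otherwise. */
int
main(int argc, char **argv)
{
    (void)argc;
    (void)argv;

    int fd = secure_temp_file();
    if (fd == -1) {
        /* Not every failure path inside secure_temp_file sets errno, so
         * report a fixed message instead of perror(). */
        fputs("secure_temp_file: could not create a private temporary file\n", stderr);
        return EXIT_FAILURE;
    }
    if (close(fd) == -1)
        return EXIT_FAILURE;
    return EXIT_SUCCESS;
}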