[Nagiosplug-devel] tip for plugin development and temp files

Leif Nixon nixon at nsc.liu.se
Mon Jan 2 22:12:38 CET 2012

Previous message: [Nagiosplug-devel] [ nagiosplug-Bugs-3468344 ] Wrong Performance Data from check_disk
Next message: [Nagiosplug-devel] [ nagiosplug-Patches-3469275 ] Add regex for header checks in check_http
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Matthieu Fournet <fournet.matthieu at gmail.com> writes:

> So my advice would be to name temp files like :
>
> tmp_[plugin_name]_[timestamp]

If we are talking about files under /tmp, or any other location which is
world-writable, this is a very bad idea, as it opens you up to symlink
attacks.

See e.g.

  https://www.securecoding.cert.org/confluence/display/seccode/FIO43-C.+Do+not+create+temporary+files+in+shared+directories

for more details.

-- 
Leif Nixon - Security officer
National Supercomputer Centre - Swedish National Infrastructure for Computing
Nordic Data Grid Facility - European Grid Infrastructure

Previous message: [Nagiosplug-devel] [ nagiosplug-Bugs-3468344 ] Wrong Performance Data from check_disk
Next message: [Nagiosplug-devel] [ nagiosplug-Patches-3469275 ] Add regex for header checks in check_http
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Devel mailing list