[Nagiosplug-devel] tip for plugin development and temp files
Leif Nixon
nixon at nsc.liu.se
Mon Jan 2 22:12:38 CET 2012
Matthieu Fournet <fournet.matthieu at gmail.com> writes:
> So my advice would be to name temp files like:
>
> tmp_[plugin_name]_[timestamp]
If we are talking about files under /tmp, or any other location which is
world-writable, this is a very bad idea, as it opens you up to symlink
attacks.
See e.g.
https://www.securecoding.cert.org/confluence/display/seccode/FIO43-C.+Do+not+create+temporary+files+in+shared+directories
for more details.
--
Leif Nixon - Security officer
National Supercomputer Centre - Swedish National Infrastructure for Computing
Nordic Data Grid Facility - European Grid Infrastructure
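
Added example, not part of the original message or of the Nagios plugins code: a C sketch of the symlink problem the reply describes, next to two safer ways to open the file. The function names, the file name tmp_check_demo_1325538758 and the private scratch directory are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: predictable name; open() follows a symlink already sitting at path. */
static int open_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL makes open() fail with EEXIST if anything, including a
   symlink, already exists at path. */
static int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Runs one scenario in a private scratch directory (constructed setup):
   "target" stands for a file the plugin's user can write, and "name" is a
   symlink to it that exists at the predictable temp name before the open.
   Returns 1 if target was truncated, 0 if untouched, -1 on setup error. */
int target_clobbered(int use_exclusive) {
    char dir[] = "/tmp/symlink_demo.XXXXXX", target[128], name[128];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(name, sizeof name, "%s/tmp_check_demo_1325538758", dir);
    FILE *f = fopen(target, "w");
    if (!f) return -1;
    fputs("important data\n", f);
    fclose(f);
    if (symlink(target, name) != 0) return -1;
    int fd = use_exclusive ? open_exclusive(name) : open_predictable(name);
    if (fd >= 0) close(fd);
    int rc = stat(target, &st) == 0 ? (st.st_size == 0) : -1;
    unlink(name); unlink(target); rmdir(dir);
    return rc;
}

/* Preferred: mkstemp() picks an unpredictable name and opens it with
   O_CREAT|O_EXCL. Returns 1 if the new file has no group/other permissions. */
int mkstemp_is_private(void) {
    char path[] = "/tmp/check_demo.XXXXXX";
    struct stat st;
    int fd = mkstemp(path);
    if (fd < 0 || fstat(fd, &st) != 0) return -1;
    close(fd); unlink(path);
    return S_ISREG(st.st_mode) && (st.st_mode & 077) == 0;
}
```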