Closed Bug 43569 Opened 24 years ago Closed 24 years ago

Need to use unpredictable names for temp files in file upload

Categories

(Core :: DOM: Core & HTML, defect, P3)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86
Linux
Type:
defect

Tracking

()

Status:
VERIFIED DUPLICATE of bug 15320
Milestone:
Future

People

(Reporter: fosterd, Assigned: pollmann)

Details

Build: 062208

This is related to bug 15320, but is not the same issue. The problem: on Linux,
Mozilla writes the contents of any form upload submission to a file in /tmp
which has a predictable name: "formpost", "formpost-1", etc. Since /tmp is world
-writable, mozilla could be tricked into overwiting arbitary files.

Solution: use tmpname(3) or something similar to make the name of temporary files.
reassigning
Assignee: rods → pollmann
Status: NEW → ASSIGNED
Summary: Mozilla creates insecure temp files in /tmp → Need to use unpredictable names for temp files in file upload
Target Milestone: --- → M18
I think the long-term plan is to not create the files at all.  However, this 
describes a short term solution that might be doable before the first release.
This seems like an implementation detail of FileSpec's MakeUnique()  I remember 
hearing mention in another bug report that MakeUnique was not the function to 
use.

CC'ing Dougt because he might know a quick answer - is there a function I can 
use that will generate a random filename instead of a predictable one?  Thanks!
hey eric, 

nsIFile does not have a createRandomFile.  if you want to add this functionality 
to nsIFile, maybe you should think about combining it with createUnique:

http://bugzilla.mozilla.org/show_bug.cgi?id=43314

Thanks!
As a note, I think that once 43314 is fixed, the solution will probably be 'good 
enough' for 1.0  That is, if we create a temp file exclusively, someone could 
not slip in a file of their own in the ordering sequence of temp files (between 
when the name was generated and the file was opened) as they could conceivably 
now.
This bug has been marked "future" because the original netscape engineer working 
on this is over-burdened. If you feel this is an error, that you or another 
known resource will be working on this bug,or if it blocks your work in some way 
-- please attach your concern to the bug for reconsideration.
Target Milestone: M18 → Future
Updating QA contact.
QA Contact: ckritzer → vladimire
I think that the real solution for this bug is the same as the solution for bug
15320, marking this a duplicate of that bug.

*** This bug has been marked as a duplicate of 15320 ***
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
Verifying
Status: RESOLVED → VERIFIED
Component: HTML: Form Submission → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.