how does mktemp prevent denial-of-service attack
Hello,
This is an excerpt from the Linux man page for the mktemp command:

"mktemp is provided to allow shell scripts to safely use temporary files. Traditionally, many shell scripts take the name of the program with the PID as a suffix and use that as a temporary filename. This kind of naming scheme is predictable and the race condition it creates is easy for an attacker to win. A safer, though still inferior approach is to make a temporary directory using the same naming scheme. While this does allow one to guarantee that a temporary file will not be subverted, it still allows a simple denial of service attack. For these reasons it is suggested that mktemp be used instead."

- How can a denial-of-service attack be carried out if a directory name is known?
- Why is it important to use mktemp to generate a sufficiently random file/directory name for temporary files?

Thanks for your answer,
best regards,
Hari
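The difference the man page excerpt describes, shown as an added example that is not part of the original post: a script that derives its temporary directory from the program name and PID fails as soon as that name already exists, while `mktemp -d` picks an unused random name. The function names, the `backup` program name and the PID 4242 are hypothetical, and everything runs inside a private sandbox directory.

```shell
#!/bin/sh
# Added example: predictable temp directory name vs. mktemp -d.
# All paths live under a private sandbox; names and PIDs are constructed.

# Traditional scheme from the man page: program name + PID.
# mkdir (without -p) is atomic and fails if the name already exists, so the
# script is never tricked into using a directory someone else owns. But it
# also cannot proceed: anyone able to write to the shared directory can take
# the guessable names first, and that refusal is the denial of service.
make_tmpdir_predictable() {
    base=$1 prog=$2 pid=$3
    dir="$base/$prog.$pid"
    ( umask 077 && mkdir "$dir" ) 2>/dev/null || return 1
    printf '%s\n' "$dir"
}

# mktemp -d replaces the X's with random characters and creates the
# directory itself, private to the owner, under a name not already in use.
# Nobody can occupy the name in advance because nobody can predict it.
make_tmpdir_safe() {
    base=$1 prog=$2
    mktemp -d "$base/$prog.XXXXXXXXXX"
}

demo() {
    sandbox=$(mktemp -d "${TMPDIR:-/tmp}/demo.XXXXXXXXXX") || return 1
    # Constructed scenario: the predictable name is already taken.
    mkdir "$sandbox/backup.4242"
    if make_tmpdir_predictable "$sandbox" backup 4242 >/dev/null; then
        echo "predictable name: created"
    else
        echo "predictable name: already exists, script cannot continue"
    fi
    d=$(make_tmpdir_safe "$sandbox" backup) && echo "mktemp -d: created $d"
    rm -rf "$sandbox"
}
demo
```
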