[net.bugs.v7] slight security bug in /bin/sort

joel@prcrs.UUCP (Joel C. McClung) (07/16/85)

There is a slight security bug in /bin/sort when it creates temporary
files in /usr/tmp.  The temporary files are of the form: stmPIDXX where
PID is the process id, and XX is a set of barber-pole characters (aa,
ab, ac, ..., az, ba, bb, etc).  The first temporary file is created
with a mode of 600, but any subsequent tmp files are created with your
default permissions.

Repeat by:
	Run /bin/sort on a very large file and look at the temp
	files created in /usr/tmp.  On my system, a new temp file
	is created whenever the current tmp file is approximately
	12,500 bytes large.

Fix:	I can't.  We are a binary-only site.

-- 
Joel C. McClung	 {seismo!rlgvax,cbosgd!dolqci,nrcaero,petsd,pesnta}!prcrs!joel
Planning Research Corporation
1500 Planning Research Drive
McLean, VA 22102	 (703) 556-2644
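
An added illustration of the pattern the post describes, next to a hardened form; it is not part of the original post and is not the V7 sort source. The function names, the /tmp/stmdemo scratch directory and the stm00001aa/ab file names (built in the stmPIDXX style) are assumptions made for the example.

```c
/* Added illustration; not the V7 sort source. All names are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Flawed: only the first file gets 0600; later ones depend on the umask. */
static int make_tmp_weak(const char *path, int first)
{
    return creat(path, first ? 0600 : 0666);
}

/* Hardened: every file is 0600, and O_EXCL refuses an existing name. */
static int make_tmp_safe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Create dir/name, return its permission bits (or -1), then remove it. */
static int created_mode(const char *dir, const char *name, int safe, int first)
{
    char path[256];
    struct stat st;
    int mode = -1, fd;

    snprintf(path, sizeof path, "%s/%s", dir, name);
    fd = safe ? make_tmp_safe(path) : make_tmp_weak(path, first);
    if (fd < 0) return -1;
    if (fstat(fd, &st) == 0)
        mode = (int)(st.st_mode & 0777);
    close(fd);
    unlink(path);
    return mode;
}

/* modes[] = weak 1st, weak 2nd, safe 1st, safe 2nd, under umask 022. */
int run_demo(int modes[4])
{
    char dir[64];
    mode_t old = umask(022);
    int i, ok;
    snprintf(dir, sizeof dir, "/tmp/stmdemo%ld", (long)getpid());
    ok = mkdir(dir, 0700) == 0;   /* private scratch directory */
    for (i = 0; i < 4; i++)       /* constructed names, stmPIDXX style */
        modes[i] = ok ? created_mode(dir, i % 2 ? "stm00001ab" : "stm00001aa",
                                     i >= 2, i % 2 == 0) : -1;
    if (ok) rmdir(dir);
    umask(old);
    return ok ? 0 : -1;
}
```

Calling run_demo() from a small main and printing the four values in octal shows the second "weak" file readable by group and other, while both "safe" files stay owner-only.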