HOME

TheInfoList



Click Here for Items Related To - Symlink race
OR:
Symlink race on:   [Wikipedia]   [Google]   [Amazon]

A symlink race is a kind of
software security vulnerability Vulnerabilities are flaws in a computer system that weaken the overall security of the device/system. Vulnerabilities can be weaknesses in either the hardware itself, or the software that runs on the hardware. Vulnerabilities can be exploited by ...
that results from a program creating files in an insecure manner. A malicious user can create a
symbolic link In computing, a symbolic link (also symlink or soft link) is a file whose purpose is to point to a file or directory (called the "target") by specifying a path thereto. Symbolic links are supported by POSIX and by most Unix-like operating system ...
to a file not otherwise accessible to them. When the privileged program creates a file of the same name as the symbolic link, it actually creates the linked-to file instead, possibly inserting content desired by the malicious user (see example below), or even provided by the malicious user (as input to the program). It is called a "
race Race, RACE or "The Race" may refer to: * Race (biology), an informal taxonomic classification within a species, generally within a sub-species * Race (human categorization), classification of humans into groups based on physical traits, and/or s ...
" because in its typical manifestation, the program checks to see if a file by that name already exists; if it does not exist, the program then creates the file. An attacker must create the link in the interval between the check and when the file is created. A symlink race can happen with
antivirus Antivirus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware. Antivirus software was originally developed to detect and remove computer viruses, hence the name. ...
products that decide they will quarantine or delete a suspicious file, and then go ahead and do that. During the interval between decision and action, malicious software can replace the suspicious file with a system or antivirus file that the malicious software wants overwritten.


Example

In this naive example, the
Unix Unix (; trademarked as UNIX) is a family of multitasking, multiuser computer operating systems that derive from the original AT&T Unix, whose development started in 1969 at the Bell Labs research center by Ken Thompson, Dennis Ritchie, and ot ...
program foo is
setuid The Unix Unix (; trademarked as UNIX) is a family of multitasking, multiuser computer operating systems that derive from the original AT&T Unix, whose development started in 1969 at the Bell Labs research center by Ken Thompson, Dennis Rit ...
. Its function is to retrieve information for the accounts specified by the user. For "efficiency", it sorts the requested accounts into a temporary file (/tmp/foo naturally) before making the queries. The directory /tmp is world-writable. Malicious user Mallory creates a symbolic link to the file /root/.rhosts named /tmp/foo. Then, Mallory invokes foo with ''user'' as the requested account. The program creates the (temporary) file /tmp/foo (really creating /root/.rhosts) and puts information about the requested account (e.g. ''user password'') in it. It removes the temporary file (merely removing the symbolic link). Now the /root/.rhosts contains password information, which (if it even happens to be in the proper format) is the incantation necessary to allow anyone to use
rlogin The Berkeley r-commands are a suite of computer programs designed to enable users of one Unix system to log in or issue commands to another Unix computer via TCP/IP computer network. The r-commands were developed in 1982 by the Computer Systems ...
 to log into the computer as the
superuser In computing, the superuser is a special user account used for system administration. Depending on the operating system (OS), the actual name of this account might be root, administrator, admin or supervisor. In some cases, the actual name of t ...
. Also in some Unix-systems there is a special flag O_NOFOLLOW for open(2) to prevent opening a file via a symbolic-link (dangling or otherwise). It's become standardized in
POSIX.1-2008 The Portable Operating System Interface (POSIX) is a family of standards specified by the IEEE Computer Society for maintaining compatibility between operating systems. POSIX defines both the system- and user-level application programming inter ...
.


Workaround

The
POSIX The Portable Operating System Interface (POSIX) is a family of standards specified by the IEEE Computer Society for maintaining compatibility between operating systems. POSIX defines both the system- and user-level application programming interf ...
C standard library The C standard library or libc is the standard library for the C programming language, as specified in the ISO C standard.ISO/IEC (2018). '' ISO/IEC 9899:2018(E): Programming Languages - C ยง7'' Starting from the original ANSI C standard, it wa ...
function
mkstemp In computing, mkstemp is a POSIX function for creating a temporary file (a computer file which usually ceases to exist when the program, which opened the file, closes it or terminates). It accepts an argument that determines the location of the t ...
 can be used to safely create temporary files. For shell scripts, the system utility does the same thing.


References

{{unix-stub Computer security exploits Unix