1

While reading about shell scripts and temporary file handling, I came across Symlink Exploits. http://www.linuxsecurity.com/content/view/115462/151/ is the basic idea. I wondered if Python open() checks the file it is about to open to see if it is a symbolic link and tried to open a symbolic link file in 'w' mode. To my surprise it opened the link and consequently overwrote the file to which the link was pointing to. Now if my python program is doing a lot of file handling and that too in a predictable way, is not possible that an attacker creates a link by the name of the file my program is supposed to create and links it to a critical system file. This would overwrite the system file and crash the system? I used Python 2.4. Do subsequent python versions address this issue?

Or is this an issue at all?

Improve this question
1

3 Answers 3

Reset to default
2

If your program is running with elevated privileges (such as root), then you can prevent this type of attack by not writing to files in a directory where lower privilege users have the ability to create symlinks.

This problem cannot be solved by the language or runtime library, but must be addressed in the environment in which the program runs.

(Note that if your program is not running with elevated privileges, then the user creating a symlink won't let them to anything that they couldn't have just done themselves without your program.)

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

The problem only happens if you create temporary files (well, in general -- write to files) which have predictable names and are located in a directory which other users can write to. So if your script only write to your home directory you are fine. If you need to create temporary files in a shared-write directory, e.g. /tmp, you should use something like http://docs.python.org/library/tempfile.html

Improve this answer

2 Comments

I have a script that needs to run as root. It has a base directory. And it writes to base_directory/tmp and base_directory/output. SO to safeguard it, should I give recursive 755 privileges for base directory to 'root'? Would that measure be enough
why not 700? But yes, as long as other users can't put symlinks to the directories where you create files, this particular problem doesn't apply.
1

First of all, the user who runs the script should not have the permission to write critical system files. Secondly, it is not pythons task to address that issue. It is the task of the developer of the script. Python provides tempfile at least since 2.3.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.