1

While reading about shell scripts and temporary file handling, I came across Symlink Exploits. http://www.linuxsecurity.com/content/view/115462/151/ is the basic idea. I wondered if Python open() checks the file it is about to open to see if it is a symbolic link and tried to open a symbolic link file in 'w' mode. To my surprise it opened the link and consequently overwrote the file to which the link was pointing to. Now if my python program is doing a lot of file handling and that too in a predictable way, is not possible that an attacker creates a link by the name of the file my program is supposed to create and links it to a critical system file. This would overwrite the system file and crash the system? I used Python 2.4. Do subsequent python versions address this issue?

Or is this an issue at all?

RedBaron
  • 4,717
  • 5
  • 41
  • 65
  • [There is currently no way to replace a symlink without possibility for exploit](https://stackoverflow.com/a/55741590/5353461) – Tom Hale Apr 18 '19 at 08:22

3 Answers3

2

If your program is running with elevated privileges (such as root), then you can prevent this type of attack by not writing to files in a directory where lower privilege users have the ability to create symlinks.

This problem cannot be solved by the language or runtime library, but must be addressed in the environment in which the program runs.

(Note that if your program is not running with elevated privileges, then the user creating a symlink won't let them to anything that they couldn't have just done themselves without your program.)

Greg Hewgill
  • 951,095
  • 183
  • 1,149
  • 1,285
1

First of all, the user who runs the script should not have the permission to write critical system files. Secondly, it is not pythons task to address that issue. It is the task of the developer of the script. Python provides tempfile at least since 2.3.

Oswald
  • 31,254
  • 3
  • 43
  • 68
1

The problem only happens if you create temporary files (well, in general -- write to files) which have predictable names and are located in a directory which other users can write to. So if your script only write to your home directory you are fine. If you need to create temporary files in a shared-write directory, e.g. /tmp, you should use something like http://docs.python.org/library/tempfile.html

MK.
  • 33,605
  • 18
  • 74
  • 111
  • I have a script that needs to run as root. It has a base directory. And it writes to base_directory/tmp and base_directory/output. SO to safeguard it, should I give recursive 755 privileges for base directory to 'root'? Would that measure be enough – RedBaron Dec 24 '10 at 05:21
  • why not 700? But yes, as long as other users can't put symlinks to the directories where you create files, this particular problem doesn't apply. – MK. Dec 24 '10 at 05:23