Java equivalent for mkstemp


Question

Is there any way in Java to write out to a temporary file securely?

As far as I can tell, the only way to create a temporary file (createTempFile) doesn't actually open it at the same time, so there's a race condition between file open & file write. Am I missing something? I couldn't find the C source code behind createFileExclusively(String) in UnixFileSystem.java, but I doubt it can really do anything since the file open occurs in the Java code after the temp file is created (unless it tries to do something with file locks?).

The problem

Between when the temporary file is created & you open it, a malicious attacker could unlink that temporary file & put malicious stuff there. For example, an attacker could create a named pipe to read sensitive data. Or similarly if you eventually copy the file by reading it, then the named pipe could just ignore everything written & supply malicious content to be read.

I remember reading of numerous examples of temporary file attacks in the past 10+ years that exploit the race condition between when the name appears in the namespace and when the file is actually opened.

Hopefully a mitigating factor is that Java sets the umask correctly so a less-privileged user can't read/write to the file and typically the /tmp directory restricts permissions properly so that you can't perform an unlink attack.

Of course if you pass a custom directory for the temporary file that's owned by a less-privileged user who's compromised, the user could do an unlink attack against you. Hell, with inotify, it's probably even easier to exploit the race condition than just a brute force loop that does a directory listing.

Solution

http://kurt.seifried.org/2012/03/14/creating-temporary-files-securely/

Java

use java.io.File.createTempFile() – some interesting info at http://www.veracode.com/blog/2009/01/how-boring-flaws-become-interesting/

for directories there is a helpful posting at How to create a temporary directory/folder in Java?

Java 7

for files use java.io.File.createTempFile()

for directories use createTempDirectory()

http://docs.oracle.com/javase/7/docs/api/java/nio/file/Files.html
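
The race the question describes goes away when the file is created and opened by a single call that hands back the handle, which is what mkstemp does. The following is an added example, not code from the question, the answer or the linked articles: it uses the Java 7 `Files.newByteChannel` call with `CREATE_NEW` and an owner-only permission attribute. The names `MkstempLike`, `TempHandle` and `mkstemp` are hypothetical, and a POSIX file system is assumed.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.SeekableByteChannel;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.security.SecureRandom;
import java.util.EnumSet;
import java.util.Set;

public class MkstempLike {   // hypothetical class name
    private static final SecureRandom RNG = new SecureRandom();

    /** Path plus the channel returned by the same call that created the file. */
    static final class TempHandle {
        final Path path;
        final SeekableByteChannel channel;
        TempHandle(Path path, SeekableByteChannel channel) { this.path = path; this.channel = channel; }
    }

    /** Creates and opens dir/prefixXXXX.tmp in one atomic step, requesting mode 0600. */
    static TempHandle mkstemp(Path dir, String prefix) throws IOException {
        FileAttribute<Set<PosixFilePermission>> ownerOnly =
            PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------"));
        Set<StandardOpenOption> opts = EnumSet.of(StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE);
        for (int attempt = 0; attempt < 100; attempt++) {
            Path candidate = dir.resolve(prefix + Long.toHexString(RNG.nextLong()) + ".tmp");
            try {
                // CREATE_NEW: existence check and creation are atomic; the channel is our handle.
                return new TempHandle(candidate, Files.newByteChannel(candidate, opts, ownerOnly));
            } catch (FileAlreadyExistsException nameTaken) {
                // Name already present (file, symlink, FIFO): never reuse it, try another name.
            }
        }
        throw new IOException("no unused temporary name in " + dir);
    }

    public static void main(String[] args) throws IOException {
        Path dir = Paths.get(System.getProperty("java.io.tmpdir"));
        TempHandle t = mkstemp(dir, "demo-");
        try (SeekableByteChannel ch = t.channel) {
            // Constructed sample payload; all writes go through the handle, never a re-open by name.
            ch.write(ByteBuffer.wrap("constructed sample data\n".getBytes(StandardCharsets.UTF_8)));
        } finally {
            Files.deleteIfExists(t.path);
        }
    }
}
```

Because every write goes through the channel obtained at creation, replacing the directory entry afterwards does not redirect the data; reading the file back by name later would reintroduce the dependency on the directory's permissions.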
